[22719] in bugtraq


hylafax

daemon@ATHENA.MIT.EDU (christer.oberg@gmx.net)
Mon Sep 24 12:36:20 2001

Date: Sun, 23 Sep 2001 11:50:45 +0200 (MEST)
From: christer.oberg@gmx.net
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <3629.1001238645@www8.gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

There are some format string vulnerabilities in the latest hylafax package.
Try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
Both faxrm and faxalter are installed setuid uucp on FreeBSD (installed from
port collection). uid uucp is not that exciting but with some luck you'll
find uucp owned binaries running from cron with uid 0.

-- 
Sent through GMX FreeMail - http://www.gmx.net
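
Added example, not part of the original post and not HylaFAX source: the bug class the post reports, shown as a vulnerable call beside its hardened form, plus a check that flags arguments carrying conversion specifiers. The helper `emit` and the functions `report_unsafe`, `report_safe` and `count_conversions` are hypothetical names, and treating the `-h` value as the string that reaches the formatter is an assumption based on the post's test commands.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error helper; a stand-in, not HylaFAX source. */
static int emit(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: the -h value is handed over as the format itself,
 * so "%x" makes vsnprintf fetch an argument that was never passed. */
int report_unsafe(char *out, size_t n, const char *host) {
    return emit(out, n, host);
}

/* Hardened: constant format string, untrusted value passed only as data. */
int report_safe(char *out, size_t n, const char *host) {
    return emit(out, n, "cannot reach host \"%s\"", host);
}

/* Count conversion specifiers ("%%" is a literal percent sign) so a
 * wrapper or audit script can flag arguments that carry them. */
int count_conversions(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    char buf[128];
    const char *host = "%x";              /* constructed input, as in -h %x */
    report_safe(buf, sizeof buf, host);
    printf("safe:   %s (%d conversion)\n", buf, count_conversions(host));
    report_unsafe(buf, sizeof buf, host); /* undefined behaviour by design */
    printf("unsafe: %s\n", buf);
    return 0;
}
```

Declaring `emit` with `__attribute__((format(printf, 3, 4)))` and building with `-Wformat -Wformat-security` lets GCC or Clang report the call in `report_unsafe` at compile time.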

