[22720] in bugtraq
Re: hylafax
daemon@ATHENA.MIT.EDU (Robert van der Meulen)
Mon Sep 24 13:10:44 2001
Date: Mon, 24 Sep 2001 18:54:12 +0200
From: Robert van der Meulen <rvdm@cistron.nl>
To: christer.oberg@gmx.net
Cc: bugtraq@securityfocus.com
Message-ID: <20010924185412.A17611@wiretrip.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3629.1001238645@www8.gmx.net>
Hi,
Quoting christer.oberg@gmx.net (christer.oberg@gmx.net):
> There are some format strings vulnerbilities in the lastest hylafax package
> try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
> Both faxrm and faxalter are installed setuid uucp on FreeBSD (installed from
> port collection). uid uucp is not that exciting but with some luck you'll
> find uucp owned binaries running from cron with uid 0.
Just for everyone's I:
This 'works' on Debian stable/unstable, but faxrm/faxalter are non-suid (as
all other hylafax-client binaries).
Greets,
Robert
--
Linux Generation
encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
It's hard to believe they put men on the Moon with only 5K of RAM. -- Wired
