[22851] in bugtraq
Re: hylafax
daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Sun Oct 14 21:07:43 2001
Message-ID: <02e401c1541d$a8ef62d0$027eb6d4@clitoris>
From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
To: <christer.oberg@gmx.net>, <bugtraq@securityfocus.com>
Date: Sat, 13 Oct 2001 21:31:29 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> There are some format strings vulnerbilities in the lastest hylafax
package
> try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
an exploit for this one:
http://www.frasunek.com/sources/security/security/hylafax.pl
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
