[22854] in bugtraq
Re: hylafax
daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Mon Oct 15 12:55:40 2001
Message-ID: <01c601c1552d$4d1b5250$027eb6d4@clitoris>
From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
To: "Lee Howard" <faxguy@deanox.com>
Cc: <christer.oberg@gmx.net>, <bugtraq@securityfocus.com>
Date: Mon, 15 Oct 2001 05:55:59 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> As has been pointed out on the hylafax-devel@hylafax.org mailing list,
this
> exploit is only useful for those installations which have set hfaxd to
suid
> root. The standard HylaFAX installation does not do this.
This exploit is designed for hylafax compiled on FreeBSD, where faxrm is
suid uucp. Gaining uid=uucp on FreeBSD < 4.4 provides easy root compromise
(see FreeBSD SA-01:62).
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
