[8012] in bugtraq
Re: hylafax security hole in faxcron, xferstats and recvstats
daemon@ATHENA.MIT.EDU (Marc Heuse)
Wed Sep 23 12:53:26 1998
Date: Wed, 23 Sep 1998 08:46:50 +0200
Reply-To: Marc Heuse <marc@SUSE.DE>
From: Marc Heuse <marc@SUSE.DE>
To: BUGTRAQ@NETSPACE.ORG
Hi,
> faxcron, xferstats and recvstats as they are installed with
> hylafax-v4.0pl2 can be used to execute arbitary awk programs
> as the invoking user. All three programs are usually run by
> cron on behalf of the fax user (aka uucp).
>
> faxcron, xferstats and recvstats which are all Bourne Shell scripts
> create temporary files in /tmp which are later executed by awk. The
> names of these temp files can easily be guessed. Any awk code that is
> found in a correctly guessed file will be run verbatim (if the attacker
> was clever enough to protect his file from being overwritten).
I found & fixed these bugs on monday, an update package should be
available today (wednesday) for the S.u.S.E. distribution on the usual
update sites (e.g. ftp.suse.com)
Fixes for the hylafax maintainer should be on their way
It would be nice to be informed earlier if you find security problems, so
a fix can be downloaded once the script kiddies know about the
vulnerabilities and try their attacks, that we have got a fix know is only
a coincidence, and it will take a day or two until other linux distribution
will fixed and build their package.
Greets,
Marc
--
Marc Heuse, S.u.S.E. GmbH, Fahrradstr. 56, D-90429 Nuernberg
E@mail: marc@suse.de Function: Security Support & Auditing
Use "finger marc@suse.de | pgp -fka" for my public pgp key
