Hi,
> faxcron, xferstats and recvstats as they are installed with
> hylafax-v4.0pl2 can be used to execute arbitary awk programs
> as the invoking user. All three programs are usually run by
> cron on behalf of the fax user (aka uucp).
>
> faxcron, xferstats and recvstats which are all Bourne Shell scripts
> create temporary files in /tmp which are later executed by awk. The
> names of these temp files can easily be guessed. Any awk code that is
> found in a correctly guessed file will be run verbatim (if the attacker
> was clever enough to protect his file from being overwritten).
I found & fixed these bugs on monday, an update package should be
available today (wednesday) for the S.u.S.E. distribution on the usual
update sites (e.g. ftp.suse.com)
Fixes for the hylafax maintainer should be on their way
It would be nice to be informed earlier if you find security problems, so
a fix can be downloaded once the script kiddies know about the
vulnerabilities and try their attacks, that we have got a fix know is only
a coincidence, and it will take a day or two until other linux distribution
will fixed and build their package.
Greets,
Marc
--
Marc Heuse, S.u.S.E. GmbH, Fahrradstr. 56, D-90429 Nuernberg
E@mail: marcat_private Function: Security Support & Auditing
Use "finger marcat_private | pgp -fka" for my public pgp key
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:23 PDT