SECURITY ADVISORY - HylaFAX format string vulnerability

From: Darren Nickerson (darrenat_private)
Date: Sat Apr 14 2001 - 23:23:43 PDT

Next message: debian-security-announceat_private: "[SECURITY] [DSA-046-1] exuberant-ctags uses insecure temporary files"

Previous message: debian-security-announceat_private: "[SECURITY] [DSA-047-1] multiple kernel problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Folks,

A format bug has been discovered in hfaxd. Details of the report may be found
at:

	http://www.securityfocus.com/archive/1/175963

A patch to address the problem may be found at:

	http://www.hylafax.org/patches/hfaxd-vulnerability.patch

This patch fixes the problem, and also removes the suid bit from the hfaxd
binary. Anyone experiencing problems as a result of this change please contact
bugsat_private

We intend to release a beta-4 very soon which will include the above fix. In
the meantime, if you are unable to upgrade or rebuild HylaFAX from patched
source, we recommend that you remove the suid root bit from the hfaxd
executable:

	chmod a-s /usr/sbin/hfaxd (or whatever your path is)

-Darren

Next message: debian-security-announceat_private: "[SECURITY] [DSA-046-1] exuberant-ctags uses insecure temporary files"
Previous message: debian-security-announceat_private: "[SECURITY] [DSA-047-1] multiple kernel problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 02:08:08 PDT

**SECURITY ADVISORY** - HylaFAX format string vulnerability

SECURITY ADVISORY - HylaFAX format string vulnerability