Hi, Quoting christer.obergat_private (christer.obergat_private): > There are some format strings vulnerbilities in the lastest hylafax package > try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept". > Both faxrm and faxalter are installed setuid uucp on FreeBSD (installed from > port collection). uid uucp is not that exciting but with some luck you'll > find uucp owned binaries running from cron with uid 0. Just for everyone's I: This 'works' on Debian stable/unstable, but faxrm/faxalter are non-suid (as all other hylafax-client binaries). Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdmat_private for my GnuPG/PGP key. It's hard to believe they put men on the Moon with only 5K of RAM. -- Wired
This archive was generated by hypermail 2b30 : Mon Sep 24 2001 - 10:17:26 PDT