Re: hylafax

From: Lee Howard (faxguyat_private)
Date: Sun Oct 14 2001 - 20:52:33 PDT

Next message: Przemyslaw Frasunek: "Re: hylafax"

Previous message: Matthew S. Hallacy: "Re: OpenProjects IRCD allows DNS spoofing"
In reply to: Przemyslaw Frasunek: "Re: hylafax"
Next in thread: Przemyslaw Frasunek: "Re: hylafax"
Reply: Przemyslaw Frasunek: "Re: hylafax"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 09:31 PM 10/13/01 +0200, Przemyslaw Frasunek wrote:
>> There are some format strings vulnerbilities in the lastest hylafax
>package
>> try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
>
>an exploit for this one:
>http://www.frasunek.com/sources/security/security/hylafax.pl


As has been pointed out on the hylafax-develat_private mailing list, this
exploit is only useful for those installations which have set hfaxd to suid
root.  The standard HylaFAX installation does not do this.

[user@hylafaxserver user]$ faxstat -i
HylaFAX version 4.1rc1 built Sat Jun  2 16:55:31 MDT 2001 for i686-pc-linux
HylaFAX scheduler on hylafaxserver.mydomain.com: Running
Modem ttyS1 (+1.435.755.0959): Running and idle
[user@hylafaxserver lee]$ ./hylafax.pl
Not vulnerable
[user@hylafaxserver lee]$

Lee.

Next message: Przemyslaw Frasunek: "Re: hylafax"
Previous message: Matthew S. Hallacy: "Re: OpenProjects IRCD allows DNS spoofing"
In reply to: Przemyslaw Frasunek: "Re: hylafax"
Next in thread: Przemyslaw Frasunek: "Re: hylafax"
Reply: Przemyslaw Frasunek: "Re: hylafax"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 09:36:30 PDT