Re: hylafax

From: Przemyslaw Frasunek (venglinat_private)
Date: Sun Oct 14 2001 - 20:55:59 PDT

Next message: Brian McWilliams: "Microsoft To Prioritize Security Bugs"

Previous message: Lee Howard: "Re: hylafax"
In reply to: Lee Howard: "Re: hylafax"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> As has been pointed out on the hylafax-develat_private mailing list,
this
> exploit is only useful for those installations which have set hfaxd to
suid
> root.  The standard HylaFAX installation does not do this.

This exploit is designed for hylafax compiled on FreeBSD, where faxrm is
suid uucp. Gaining uid=uucp on FreeBSD < 4.4 provides easy root compromise
(see FreeBSD SA-01:62).

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *

Next message: Brian McWilliams: "Microsoft To Prioritize Security Bugs"
Previous message: Lee Howard: "Re: hylafax"
In reply to: Lee Howard: "Re: hylafax"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 09:49:01 PDT