> As has been pointed out on the hylafax-develat_private mailing list, this > exploit is only useful for those installations which have set hfaxd to suid > root. The standard HylaFAX installation does not do this. This exploit is designed for hylafax compiled on FreeBSD, where faxrm is suid uucp. Gaining uid=uucp on FreeBSD < 4.4 provides easy root compromise (see FreeBSD SA-01:62). -- * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE * * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
This archive was generated by hypermail 2b30 : Mon Oct 15 2001 - 09:49:01 PDT