[UNIX] HylaFAX Format String Vulnerabilities (faxrm, faxalter)
From: support@securiteam.comDate: 10/07/01
- Previous message: support@securiteam.com: "[TOOL] MindTerm, Java Based SSH Implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [UNIX] HylaFAX Format String Vulnerabilities (faxrm, faxalter) Message-Id: <20011006220753.78EE1138C4@mail.der-keiler.de> Date: Sun, 7 Oct 2001 00:07:53 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
HylaFAX Format String Vulnerabilities (faxrm, faxalter)
------------------------------------------------------------------------
SUMMARY
<http://www.vix.com/hylafax/> HylaFAX client-server protocol server
contains a security vulnerability that allows local attackers to exploit a
format string attack in the program, causing it to execute arbitrary code.
DETAILS
Example:
The faxrm and faxalter utilities contain format string vulnerabilities
that can be caused by issuing the following commands:
$ faxrm -h %x 1
$ faxalter -h %x -D 1
Since both faxrm and faxalter are installed with set user id (setuid)
'uucp' privileges on some operating systems (in particular, on FreeBSD as
part of the ports collection), elevated privileges can be gained.
ADDITIONAL INFORMATION
The information has been provided by <mailto:christer.oberg@gmx.net>
Christer Oberg.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[TOOL] MindTerm, Java Based SSH Implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [Full-disclosure] [ GLSA 200708-16 ] Qt: Multiple format string vulnerabilities
... Format string vulnerabilities in Qt 3 may lead to the remote execution ... of
arbitrary code in some Qt applications. ... Tim Brown of Portcullis Computer Security
Ltd and Dirk Mueller of KDE ... (Full-Disclosure) - [ GLSA 200708-16 ] Qt: Multiple format string vulnerabilities
... Format string vulnerabilities in Qt 3 may lead to the remote execution ... of
arbitrary code in some Qt applications. ... Tim Brown of Portcullis Computer Security
Ltd and Dirk Mueller of KDE ... (Bugtraq) - [Full-disclosure] [ GLSA 200511-01 ] libgda: Format string vulnerabilities
... Two format string vulnerabilities in libgda may lead to the execution ...
of arbitrary code with the rights of that application. ... Security is a primary
focus of Gentoo Linux and ensuring the ... (Full-Disclosure) - [ GLSA 200511-01 ] libgda: Format string vulnerabilities
... Two format string vulnerabilities in libgda may lead to the execution ...
of arbitrary code with the rights of that application. ... Security is a primary
focus of Gentoo Linux and ensuring the ... (Bugtraq) - [UNIX] zkfingerd Format String Vulnerability
... Beyond Security would like to welcome Tiscali World Online ... The first
format string vulnerability can be found in the putlog ... it is possible to overwrite
arbitray locations in memory with values ... Further format string vulnerabilities,
that all have the same root cause, ... (Securiteam)
