hylafax
From: christer.oberg@gmx.net
Date: 09/23/01
Date: Sun, 23 Sep 2001 11:50:45 +0200 (MEST)
From: christer.oberg@gmx.net
To: bugtraq@securityfocus.com
Subject: hylafax
Message-ID: <3629.1001238645@www8.gmx.net>

There are some format string vulnerabilities in the latest hylafax package.
Try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
Both faxrm and faxalter are installed setuid uucp on FreeBSD (installed from
port collection). uid uucp is not that exciting but with some luck you'll
find uucp owned binaries running from cron with uid 0.
-- Sent through GMX FreeMail - http://www.gmx.net
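
The bug class reported above, shown as an added example that is not part of the original post and is not HylaFAX source code: a value taken from an option such as -h ends up inside a printf-style format string, next to the hardened form that passes it only as data. The function names and the message text are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style reporter, standing in for whatever routine a
 * client uses to print errors; it is not HylaFAX's actual function. */
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the host value is pasted into the format string,
 * so any '%' directive it contains is interpreted by vsnprintf. */
int report_host_vuln(char *out, size_t n, const char *host)
{
    char fmt[256];
    snprintf(fmt, sizeof fmt, "unknown host %s", host);
    return report(out, n, fmt);   /* host text is now part of the format */
}

/* Hardened pattern: constant format string, host passed only as an argument. */
int report_host_safe(char *out, size_t n, const char *host)
{
    return report(out, n, "unknown host %s", host);
}

int main(void)
{
    char buf[256];
    /* Constructed input: "%%" is a directive that consumes no arguments, so
     * it shows format interpretation without reading stray stack values. */
    report_host_vuln(buf, sizeof buf, "fax%%srv");
    printf("vulnerable: %s\n", buf);
    report_host_safe(buf, sizeof buf, "fax%%srv");
    printf("hardened:   %s\n", buf);
    return 0;
}
```

Declaring the wrapper with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and building with `-Wformat -Wformat-security` makes the compiler flag the call in `report_host_vuln`.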