GLSA: hylafax (200311-03)

From: Rajiv Aaron Manglani (rajiv_at_gentoo.org)
Date: 11/20/03

    Date: Thu, 20 Nov 2003 02:55:21 -0500
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ---------------------------------------------------------------------------
    GENTOO LINUX SECURITY ANNOUNCEMENT 200311-03
    - ---------------------------------------------------------------------------

    GLSA: 200311-03
    package: net-misc/hylafax
    summary: Remote code exploit in hylafax
    severity: normal
    Gentoo bug: 33368
    date: 2003-11-10
    CVE: CAN-2003-0886
    exploit: remote
    affected: <=4.1.7
    fixed: >=4.1.8

    DESCRIPTION:

    During a code review of the hfaxd server, the SuSE Security Team discovered a
    format bug condition that allows a remote attacker to execute arbitrary code
    as the root user. However, the bug cannot be triggered in the default hylafax
    configuration.

    SuSE-SA:2003:045 outlines the problem, and is available at
    http://lwn.net/Articles/57562/

    SOLUTION:

    Users are encouraged to perform an 'emerge --sync' and upgrade the package to
    the latest available version. Vulnerable versions of hylafax have been
    removed from portage. Specific steps to upgrade:

    emerge --sync
    emerge '>=net-misc/hylafax-4.1.8'
    emerge clean

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (Darwin)

    iD8DBQE/vHEAnt0v0zAqOHYRAlCAAKCLwz7O2bjXT4nIPoJNWYNfaoVURgCgkGtd
    b5odwnwTh5KQwRIIq7WzYPM=
    =D1ou
    -----END PGP SIGNATURE-----
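
A quick way to triage hosts against the affected/fixed ranges stated in the advisory (affected: <=4.1.7, fixed: >=4.1.8). This is an added example, not part of the original announcement or of Gentoo's tooling; the function names ver_lt and glsa_status are hypothetical and the sample version strings are constructed. It accepts either a bare version or a full package atom, and reports "unknown" for version strings it cannot compare numerically.

```shell
#!/bin/sh
# Added example: classify a net-misc/hylafax version against GLSA 200311-03.
# FIXED comes from the advisory's "fixed: >=4.1.8" line.
FIXED="4.1.8"

# ver_lt A B: succeed when dotted numeric version A is lower than B.
# Missing components count as 0, so 4.1 is treated as 4.1.0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # drop the component that was just read
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1    # equal versions are not "lower"
}

# glsa_status VERSION_OR_ATOM: print affected, fixed or unknown.
glsa_status() {
    v=${1##*/}          # strip the category, e.g. net-misc/
    v=${v#hylafax-}     # strip the package name
    v=${v%-r[0-9]*}     # strip a Gentoo revision suffix such as -r2
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*)
            # letters, _rc/_p suffixes, empty or malformed strings:
            # flag for manual review instead of guessing
            echo unknown; return 0 ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo affected; else echo fixed; fi
}

# Constructed sample inputs, not taken from any real host.
for sample in 4.1.7 net-misc/hylafax-4.1.7-r2 4.1.8 4.1.10 4.1.8_rc1; do
    printf '%-28s %s\n' "$sample" "$(glsa_status "$sample")"
done
```

Any result of "unknown" should be checked by hand rather than assumed safe.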

