TUCoPS :: Unix :: General :: hylafax.htm



HylaFAX server v4.1 beta2 classical format bug
Vulnerability
 HylaFAX
Affected
 HylaFAX server v4.1 beta2
Description
 Marcin Dawcewicz found the following. He found a classical format
 string bug while he was playing with HylaFAX server (v4.1 beta2):
 $ [ -u /usr/sbin/hfaxd ] && /usr/sbin/hfaxd -q '%n%n'
 Segmentation fault
 It crashes while calling syslog() with a user-supplied fmt. Looks
 nasty.
 No working exploit,
Solution
 A patch to address the problem may be found at:
 http://www.hylafax.org/patches/hfaxd-vulnerability.patch
 This patch fixes the problem, and also removes the suid bit from
 the hfaxd binary. Anyone experiencing problems as a result of
 this change please contact bugs@hylafax.org.
 They intend to release a beta-4 very soon which will include the
 above fix. In the meantime, if you are unable to upgrade or
 rebuild HylaFAX from patched source, they recommend that you
 remove the suid root bit from the hfaxd executable:
 chmod a-s /usr/sbin/hfaxd (or whatever your path is)
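
 The bug class described above (a caller-supplied string handed to syslog() as the format), shown next to the corrected call. This is an added example, not code from the HylaFAX source or its patch: log_msg() is a hypothetical stand-in for syslog() that renders into a buffer so the result can be checked, and all function names and the sample input are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(): same printf-style contract, but it
 * renders into a buffer so the result can be inspected. */
static char last_msg[256];

static void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the caller-controlled string IS the format. Any
 * directive in it consumes arguments that were never passed (undefined
 * behaviour), so this is only safe for text without '%'. */
const char *log_unsafe(const char *user)
{
    log_msg(user);
    return last_msg;
}

/* Hardened pattern: constant format, untrusted text passed as data. */
const char *log_safe(const char *user)
{
    log_msg("%s", user);
    return last_msg;
}

/* Audit helper: count conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *arg = "%n%n";   /* constructed input, as in the report */
    printf("directives=%d verbatim=%d\n", count_directives(arg),
           strcmp(log_safe(arg), arg) == 0);
    return 0;
}
```

 Building with -Wformat -Wformat-security makes GCC and Clang flag direct syslog(priority, variable) calls of the vulnerable shape at compile time.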
