Bugtraq mailing list archives
Re: hylafax security hole in faxcron, xferstats and recvstats
From: marc () SUSE DE (Marc Heuse)
Date: Wed, 23 Sep 1998 08:46:50 +0200
Hi,
faxcron, xferstats and recvstats as they are installed with hylafax-v4.0pl2 can be used to execute arbitary awk programs as the invoking user. All three programs are usually run by cron on behalf of the fax user (aka uucp). faxcron, xferstats and recvstats which are all Bourne Shell scripts create temporary files in /tmp which are later executed by awk. The names of these temp files can easily be guessed. Any awk code that is found in a correctly guessed file will be run verbatim (if the attacker was clever enough to protect his file from being overwritten).
I found & fixed these bugs on monday, an update package should be available today (wednesday) for the S.u.S.E. distribution on the usual update sites (e.g. ftp.suse.com) Fixes for the hylafax maintainer should be on their way It would be nice to be informed earlier if you find security problems, so a fix can be downloaded once the script kiddies know about the vulnerabilities and try their attacks, that we have got a fix know is only a coincidence, and it will take a day or two until other linux distribution will fixed and build their package. Greets, Marc -- Marc Heuse, S.u.S.E. GmbH, Fahrradstr. 56, D-90429 Nuernberg E@mail: marc () suse de Function: Security Support & Auditing Use "finger marc () suse de | pgp -fka" for my public pgp key
Current thread:
- hylafax security hole in faxcron, xferstats and recvstats Tobias Richter (Sep 22)
- <Possible follow-ups>
- Re: hylafax security hole in faxcron, xferstats and recvstats der Mouse (Sep 22)
- Re: hylafax security hole in faxcron, xferstats and recvstats Marc Heuse (Sep 22)