Hylafax vulnerable to exploit
Please check www.rootshell.com August exploits, the hylafax exploit
which targets the CGI script 'faxsurvey' IS vulnerable (in the exploit talks
about Suse). This script is provided by the package hylafax-doc in the
main/comm section, installing this script opens the system to remote
execution of commands as the user running the server.
This bug SHOULD be fixed ASAP. Slink has the same problem (since it
uses hamm's version).
Regards
Javi
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: