Hylafax vulnerable to exploit

To: debian-security@lists.debian.org, debian-devel@lists.debian.org
Subject: Hylafax vulnerable to exploit
From: Javier Fdz-Sanguino Pen~a <jfs@ieeesb.etsit.upm.es>
Date: Thu, 6 Aug 1998 15:00:09 +0200
Message-id: <[🔎] 19980806150009.A10388@ieeesb.etsit.upm.es>


	Please check www.rootshell.com August exploits, the hylafax exploit
which targets the CGI script 'faxsurvey' IS vulnerable (in the exploit talks
about Suse). This script is provided by the package hylafax-doc in the
main/comm section, installing this script opens the system to remote
execution of commands as the user running the server.

	This bug SHOULD be fixed ASAP. Slink has the same problem (since it
uses hamm's version).

	Regards

	Javi


--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Hylafax vulnerable to exploit
  - From: Martin Schulze <joey@kuolema.Infodrom.North.DE>

Prev by Date: Re: Debian is secure, the debian lists are not.
Next by Date: Re: moving my Debian pages off fatman
Previous by thread: lost some mail
Next by thread: Re: Hylafax vulnerable to exploit
Index(es):
- Date
- Thread