Re: Hylafax vulnerable to exploit

To: Javier Fdz-Sanguino Pen~a <jfs@ieeesb.etsit.upm.es>, debian-security@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Hylafax vulnerable to exploit
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
Date: Thu, 6 Aug 1998 15:06:42 +0200
Message-id: <[🔎] 19980806150642.A31148@kuolema.Infodrom.North.DE>
Reply-to: Martin Schulze <joey@infodrom.north.de>
In-reply-to: <[🔎] 19980806150009.A10388@ieeesb.etsit.upm.es>; from Javier Fdz-Sanguino Pen~a on Thu, Aug 06, 1998 at 03:00:09PM +0200
References: <[🔎] 19980806150009.A10388@ieeesb.etsit.upm.es>

Javier Fdz-Sanguino Pen~a wrote:
> 
> 
> 	Please check www.rootshell.com August exploits, the hylafax exploit
> which targets the CGI script 'faxsurvey' IS vulnerable (in the exploit talks
> about Suse). This script is provided by the package hylafax-doc in the
> main/comm section, installing this script opens the system to remote
> execution of commands as the user running the server.
> 
> 	This bug SHOULD be fixed ASAP. Slink has the same problem (since it
> uses hamm's version).

We're already dealing with it.  As a workaround the recently uploaded
package doesn't contain this program anymore and it is being worked on
a fix.

Regards,

	Joey

-- 
Never trust an operating system you don't have source for!


--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Hylafax vulnerable to exploit
  - From: Javier Fdz-Sanguino Pen~a <jfs@ieeesb.etsit.upm.es>

Prev by Date: Consistent installation of Debian in several machines
Next by Date: Re: Consistent installation of Debian in several machines
Previous by thread: Hylafax vulnerable to exploit
Next by thread: Consistent installation of Debian in several machines
Index(es):
- Date
- Thread