Date: Fri, 05 Nov 1999 10:36:22
From: Thomas Biege <thomas@SUSE.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: hylafax-4.0.2 local exploit
--------------------------------------------------------------------------------
Hi,
I spend a lot o' time for security checks on hylafax-v4.0pl2 for SuSE
Linux.
I'll tell you, that there are some more scary holes in it.
After our maintainer of hylafax makes my patch work with the
_new_ version of hylafax and the author of hylafax gets my report + patch
I'll make it public.
BTW, it would be nice if you'll behave the same way: 1.) notify the
author/vendors and 2.) make it public.
Brock, check out a CGI script called faxsurvey. More than a year ago I
posted a remote cmd. exec. exploit to bugtraq. I think it isn't fixed till
now. The script wouldn't be installed on SuSE Linux.
Last notice: faxalter isn't installed SUID on SuSE Linux, and doesn't have
to, because the server has uid uucp and calls faxalter, AFAIR.