Hi,

Quoting christer.oberg@gmx.net (christer.oberg@gmx.net):
> There are some format string vulnerabilities in the latest hylafax package
> try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
> Both faxrm and faxalter are installed setuid uucp on FreeBSD (installed from
> port collection). uid uucp is not that exciting but with some luck you'll
> find uucp owned binaries running from cron with uid 0.

Just for everyone's I: This 'works' on Debian stable/unstable, but
faxrm/faxalter are non-suid (as all other hylafax-client binaries).

Greets,
Robert

--
Linux Generation
encrypted mail preferred. finger rvdm@debian.org for my GnuPG/PGP key.
It's hard to believe they put men on the Moon with only 5K of RAM.
    -- Wired