Re: hylafax

At 09:31 PM 10/13/01 +0200, Przemyslaw Frasunek wrote:
>> There are some format string vulnerabilities in the latest hylafax package
>> try faxrm -h %x 1 or faxalter -h %x -D 1 for "proof of concept".
>
>an exploit for this one:
>http://www.frasunek.com/sources/security/security/hylafax.pl


As has been pointed out on the hylafax-devel@hylafax.org mailing list, this
exploit is only useful for those installations which have set hfaxd to suid
root.  The standard HylaFAX installation does not do this.

[user@hylafaxserver user]$ faxstat -i
HylaFAX version 4.1rc1 built Sat Jun  2 16:55:31 MDT 2001 for i686-pc-linux
HylaFAX scheduler on hylafaxserver.mydomain.com: Running
Modem ttyS1 (+1.435.755.0959): Running and idle
[user@hylafaxserver lee]$ ./hylafax.pl
Not vulnerable
[user@hylafaxserver lee]$

Lee.
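
A way to check the condition described in the message above, namely whether the HylaFAX binaries named in this thread are setuid root on a given host. This is an added example, not part of the original message or of the HylaFAX project; the directories searched are assumptions and should be adjusted to the local install prefix.

```shell
#!/bin/sh
# Added example: report the setuid state of HylaFAX binaries.
# Binary names (hfaxd, faxrm, faxalter) come from the thread;
# the default directory list below is an assumption.

# Print one of: missing | not-setuid | setuid-root | setuid-nonroot
suid_status() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    if [ ! -u "$f" ]; then        # -u is true when the setuid bit is set
        echo not-setuid
        return 0
    fi
    # Numeric owner uid is field 3 of "ls -n"; -L follows symlinks like -u does.
    owner=$(ls -Ldn -- "$f" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo setuid-root
    else
        echo setuid-nonroot
    fi
}

# Print "<path>: <status>" for every named binary found in the given dirs.
audit_hylafax() {
    for dir in "$@"; do
        for name in hfaxd faxrm faxalter; do
            st=$(suid_status "$dir/$name")
            [ "$st" = missing ] || printf '%s/%s: %s\n' "$dir" "$name" "$st"
        done
    done
}

# Assumed search locations; binaries that are not present are skipped.
audit_hylafax /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin
```

Any line ending in `setuid-root` marks an installation that differs from the standard one described in the message.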