Debian: hylafax buffer overflow

    Date: 12 Aug 2002
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A set of problems has been discovered in Hylafax that could allow a denial of service or possibly the execution of arbitrary code with root privileges.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 148-1
    http://www.debian.org/security/                             Martin Schulze
    August 12th, 2002
    --------------------------------------------------------------------------
    
    Package        : hylafax
    Vulnerability  : buffer overflows and format string vulnerabilities
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2001-1034
    Bugtraq Id     : 3357 5349 5348
    
    A set of problems has been discovered in Hylafax, a flexible
    client/server fax software package distributed with many GNU/Linux
    distributions.  Quoting SecurityFocus, the problems are in detail:
    
     * A format string vulnerability makes it possible for users to
       potentially execute arbitrary code on some implementations.  Due to
       insufficient checking of input, it's possible to execute a format
       string attack.  Since this only affects systems with the faxrm and
       faxalter programs installed setuid, Debian is not vulnerable.
    
     * A buffer overflow has been reported in Hylafax.  A malicious fax
       transmission may include a long scan line that will overflow a
       memory buffer, corrupting adjacent memory.  An exploit may result
       in a denial of service condition, or possibly the execution of
       arbitrary code with root privileges.
    
     * A format string vulnerability has been discovered in faxgetty.
       Incoming fax messages include a Transmitting Subscriber
       Identification (TSI) string, used to identify the sending fax
       machine.  Hylafax uses this data as part of a format string without
       properly sanitizing the input.  Malicious fax data may cause the
       server to crash, resulting in a denial of service condition.

     * Marcin Dawcewicz discovered a format string vulnerability in hfaxd,
       which will crash hfaxd under certain circumstances.  Since Debian
       doesn't have hfaxd installed setuid root, this problem cannot
       directly lead to a vulnerability.  The fix by Darren Nickerson was
       already present in newer versions, but not in the potato version.
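The two remote-controlled inputs named above, the T.30 TSI string and the fax scan line, as a constructed C illustration of the defensive pattern; this is not HylaFAX's code, and the TSI length, the scan-line width and the function names are assumptions:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not HylaFAX code. Both inputs below arrive
 * from the remote fax machine and must be treated as hostile. */
#define TSI_MAX      20     /* assumed: T.30 limits a TSI to 20 characters */
#define SCANLINE_MAX 1728   /* assumed: pixel width of a standard fax row */

/* Copy a remote TSI into a fixed buffer, truncating at TSI_MAX and
 * replacing non-printable bytes with '?'. Returns 1 if the input
 * contained '%': a genuine subscriber id never needs it, so it is a
 * cheap detection signal for format-string abuse worth logging. */
int sanitize_tsi(const char *in, char out[TSI_MAX + 1]) {
    int saw_percent = 0;
    size_t n = 0;
    for (; n < TSI_MAX && in[n] != '\0'; n++) {
        unsigned char c = (unsigned char)in[n];
        if (c == '%') saw_percent = 1;
        out[n] = isprint(c) ? (char)c : '?';
    }
    out[n] = '\0';
    return saw_percent;
}

/* The fix for the faxgetty/hfaxd class of bug: remote data is always an
 * argument to a literal format string, never the format itself. */
void log_tsi(char *line, size_t linelen, const char *raw_tsi) {
    char tsi[TSI_MAX + 1];
    int suspicious = sanitize_tsi(raw_tsi, tsi);
    snprintf(line, linelen, "REMOTE TSI \"%s\"%s", tsi,
             suspicious ? " (contains '%', flagged as suspicious)" : "");
}

/* The fix for the scan-line overflow: refuse a line longer than the
 * buffer instead of copying past its end. Returns bytes stored or -1. */
int store_scanline(const unsigned char *data, size_t len,
                   unsigned char buf[SCANLINE_MAX]) {
    if (len > SCANLINE_MAX) return -1;   /* the missing bounds check */
    memcpy(buf, data, len);
    return (int)len;
}

int main(void) {
    char line[128];
    log_tsi(line, sizeof line, "%x%x%x");   /* constructed hostile TSI */
    puts(line);
    return 0;
}
```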
    
    These problems have been fixed in version 4.0.2-14.3 for the old
    stable distribution (potato), in version 4.1.1-1.1 for the current
    stable distribution (woody) and in version 4.1.2-2.1 for the unstable
    distribution (sid).
    
    We recommend that you upgrade your hylafax packages.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    Hylafax was released only for the architectures alpha, arm, hppa,
    i386, ia64, m68k, powerpc, s390 and sparc.
    
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list:
    Package info: `apt-cache show ' and  http://packages.debian.org/