Debian Hylafax Buffer Overflow Advisory - DSA 148-1 Critical Remote Threat

August 12, 2002
Update Hylafax modules to address critical buffer overflow weaknesses and enhance comprehensive security protocols.
A set of problems has been discovered in Hylafax that could allow for a denial of service or possibly the execution of arbitrary code with root privileges.

Summary

A set of problems has been discovered in Hylafax, a flexible
client/server fax software distributed with many GNU/Linux
distributions. Quoting SecurityFocus the problems are in detail:

* A format string vulnerability makes it possible for users to
potentially execute arbitrary code on some implementations. Due to
insufficient checking of input, it's possible to execute a format
string attack. Since this only affects systems with the faxrm and
faxalter programs installed setuid, Debian is not vulnerable.

* A buffer overflow has been reported in Hylafax. A malicious fax
transmission may include a long scan line that will overflow a
memory buffer, corrupting adjacent memory. An exploit may result
in a denial of service condition, or possibly the execution of
arbitrary code with root privileges.

* A format string vulnerability has been discovered in faxgetty.
Incoming fax messages include a Transmitting Subscriber
Identification (TSI) string, used to identify the...
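
The first item above depends on whether faxrm and faxalter are installed setuid. The shell function below is an added example, not part of the Debian advisory, that checks that condition on a host; the directories passed to it are assumptions about where the binaries live on your system.

```shell
#!/bin/sh
# Added example: report whether faxrm / faxalter carry the setuid bit.
# The search directories are supplied by the caller (assumed locations).

# check_hylafax_setuid DIR...
# Prints one line per binary found:
#   "<path> setuid owner_uid=<n>"  or  "<path> not-setuid owner_uid=<n>"
# Returns 1 if at least one binary is setuid, 0 otherwise.
check_hylafax_setuid() {
    exposed=0
    for dir in "$@"; do
        for name in faxrm faxalter; do
            path="$dir/$name"
            # Skip directories where the program is not installed.
            [ -f "$path" ] || continue
            # Numeric owner: uid 0 means the setuid program would run as root.
            uid=$(ls -ln "$path" | awk '{print $3}')
            # test -u is true when the setuid bit is set on the file.
            if [ -u "$path" ]; then
                echo "$path setuid owner_uid=$uid"
                exposed=1
            else
                echo "$path not-setuid owner_uid=$uid"
            fi
        done
    done
    return "$exposed"
}

# Usage (directories are assumptions, adjust for your distribution):
#   check_hylafax_setuid /usr/bin /usr/sbin /usr/local/bin
```

A non-zero return means the setuid precondition named in the advisory is met for at least one of the two programs on that host.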


Severity: critical

Package: hylafax
