Linux Security

    Debian: hylafax buffer overflow

    A set of problems have been discovered in Hylafax that could allow for a denial of service or possibly the execution of arbitrary code with root privileges.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 148-1                                          Martin Schulze
    August 12th, 2002   
    - --------------------------------------------------------------------------
    Package        : hylafax
    Vulnerability  : buffer overflows and format string vulnerabilities
    Problem-Type   : remote
    Debian-specific: no
    CVE Id         : CAN-2001-1034
    Bugtraq Id     : 3357 5349 5348
    A set of problems have been discovered in Hylafax, a flexible
    client/server fax software distributed with many GNU/Linux
    distributions.  Quoting SecurityFocus, the problems are in detail:
     * A format string vulnerability makes it possible for users to
       potentially execute arbitrary code on some implementations.  Due to
       insufficient checking of input, it's possible to execute a format
       string attack.  Since this only affects systems with the faxrm and
       faxalter programs installed setuid, Debian is not vulnerable.
     * A buffer overflow has been reported in Hylafax.  A malicious fax
       transmission may include a long scan line that will overflow a
       memory buffer, corrupting adjacent memory.  An exploit may result
       in a denial of service condition, or possibly the execution of
       arbitrary code with root privileges.
     * A format string vulnerability has been discovered in faxgetty.
       Incoming fax messages include a Transmitting Subscriber
       Identification (TSI) string, used to identify the sending fax
       machine.  Hylafax uses this data as part of a format string without
       properly sanitizing the input.  Malicious fax data may cause the
       server to crash, resulting in a denial of service condition.
     * Marcin Dawcewicz discovered a format string vulnerability in hfaxd,
       which will crash hfaxd under certain circumstances.  Since Debian
       doesn't have hfaxd installed setuid root, this problem cannot
       directly lead to a vulnerability.  It was fixed by Darren
       Nickerson; the fix was already present in newer versions, but not
       in the potato version.
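    The two bug classes named above, an attacker-controlled TSI string reaching
    printf as the format argument and a received scan line copied into a
    fixed-width row buffer without a length check, are shown below as the
    unsafe pattern beside a hardened form. This is an added example written for
    this page; it is not HylaFAX code and not part of the advisory. The function
    names, the 20-character TSI limit and its digits/'+'/space alphabet, the
    8-byte row buffer and the sample TSI and scan-line data are assumptions
    constructed for illustration.

```c
/* Added example (not HylaFAX code): the two bug classes DSA 148-1 describes,
 * shown as an unsafe pattern beside a hardened one.  Names, limits and the
 * sample TSI/scan-line data are constructed for illustration. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>
#include <ctype.h>

/* Assumption: a subscriber identification is at most 20 characters drawn
 * from digits, '+' and space.  Anything else is treated as hostile. */
#define TSI_MAX 20

/* UNSAFE pattern (format string): the sender's TSI is used as the format.
 * Shown only as a comment and never called: a TSI such as "%x%x%n" makes
 * printf walk the stack and %n write to memory.
 *
 *     snprintf(out, outlen, tsi);        // tsi is the format string
 */

/* Hardened: the TSI is always the argument of a literal "%s" format, so
 * conversion characters inside it are copied verbatim, never interpreted. */
int format_tsi_log(char *out, size_t outlen, const char *tsi)
{
    /* returns the length the full message would have; caller compares
     * against outlen to notice truncation */
    return snprintf(out, outlen, "TSI: %s", tsi);
}

/* Reject a TSI outside the expected alphabet or length before it reaches
 * logging, file names or any other sink. */
int tsi_is_valid(const char *tsi)
{
    size_t len = strlen(tsi);
    size_t i;
    if (len == 0 || len > TSI_MAX)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tsi[i];
        if (!(isdigit(c) || c == '+' || c == ' '))
            return 0;
    }
    return 1;
}

/* UNSAFE pattern (buffer overflow): the received line is copied into a
 * fixed-width row buffer trusting the sender's length.  Never called here. */
void copy_scan_line_unchecked(uint8_t *row, const uint8_t *line, size_t linelen)
{
    memcpy(row, line, linelen);   /* linelen > row size corrupts adjacent memory */
}

/* Hardened: the row width is fixed by the negotiated page width, and the
 * received length is checked against it before any byte is copied. */
int copy_scan_line(uint8_t *row, size_t rowlen, const uint8_t *line, size_t linelen)
{
    if (linelen > rowlen)
        return -1;                /* reject the page rather than overrun */
    memcpy(row, line, linelen);
    if (linelen < rowlen)
        memset(row + linelen, 0, rowlen - linelen);   /* pad a short line */
    return 0;
}

int main(void)
{
    char log[64];
    uint8_t row[8];
    /* constructed sample data: one plausible TSI, one hostile TSI, and a
     * scan line longer than the 8-byte row buffer */
    const char *good_tsi = "+49 30 12345678";
    const char *bad_tsi  = "%x%x%x%n";
    const uint8_t long_line[12] = {0};

    printf("valid(\"%s\")=%d  valid(\"%s\")=%d\n",
           good_tsi, tsi_is_valid(good_tsi), bad_tsi, tsi_is_valid(bad_tsi));
    format_tsi_log(log, sizeof log, bad_tsi);
    printf("logged verbatim: %s\n", log);
    printf("oversize scan line rejected: %d\n",
           copy_scan_line(row, sizeof row, long_line, sizeof long_line));
    return 0;
}
```

    Compiling with `-Wall -Wformat-security` makes gcc flag the commented-out
    unsafe call (a non-literal format with no arguments) at build time; the
    length check in `copy_scan_line` is the kind of bound the scan-line
    overflow described above lacked.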
    These problems have been fixed in version 4.0.2-14.3 for the old
    stable distribution (potato), in version 4.1.1-1.1 for the current
    stable distribution (woody) and in version 4.1.2-2.1 for the unstable
    distribution (sid).
    We recommend that you upgrade your hylafax packages.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
      Source archives:
          Size/MD5 checksum:      624 258322373e17ea876ced8ff40d2657ae
          Size/MD5 checksum:    81815 5d08c97482de1c0fb396148a43e464be
          Size/MD5 checksum:  1343569 59966e41f769770134b2c80c84245874
      Architecture independent components:
          Size/MD5 checksum:   517632 2cfca398afd15471a4f3c8194dc838ae
      Alpha architecture:
          Size/MD5 checksum:   509592 d3fb699ea9bd4fb5cddb16a7931a395e
          Size/MD5 checksum:  1130548 9017187a07824236de07dce42a5032be
      ARM architecture:
          Size/MD5 checksum:   389264 98c2a5dfa4306965acc9d6f0ea909605
          Size/MD5 checksum:   864078 793c1de1a50bb73536c1246c96b0d450
      Intel IA-32 architecture:
          Size/MD5 checksum:   398406 9e30d17b4645472b1b04bab0962c1080
          Size/MD5 checksum:   877434 1ae774e2115c983eed9fda2b6c19aa84
      Motorola 680x0 architecture:
          Size/MD5 checksum:   385696 3177d7de33c31a7ee2e6fa67f81bdb77
          Size/MD5 checksum:   843094 10610c3e3082a5e3e92ca0f07b2e961d
      PowerPC architecture:
          Size/MD5 checksum:   388586 7917f305ddc521f3c0bf50f1df2d38eb
          Size/MD5 checksum:   858980 26889bca9a720946245519abaf96b32f
      Sun Sparc architecture:
          Size/MD5 checksum:   370812 80f3caad71eb8b3c67b6f7a8500460c4
          Size/MD5 checksum:   827696 d11315ac73cf015bd8366f1c6c85e218
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    Hylafax was released only for the architectures alpha, arm, hppa,
    i386, ia64, m68k, powerpc, s390 and sparc.
      Source archives:
          Size/MD5 checksum:      741 bc3635f4c19a0700b4cc717c6c1322e7
          Size/MD5 checksum:   114552 612823bb6a275ab886fe2138ef15eae2
          Size/MD5 checksum:  1287689 1ed081750be70a800708699b7568e17e
      Architecture independent components:
          Size/MD5 checksum:   318018 b2c9b05305490a58bcb325276964e3d2
      Alpha architecture:
          Size/MD5 checksum:   556040 27102aa33baac1f507abf7c98e606b3b
          Size/MD5 checksum:  1362152 f68c48dd394d175da3a0ecdeb6e112e3
      ARM architecture:
          Size/MD5 checksum:   445322 75ccc9e7ce3e0f85977a0e6f584eb4d5
          Size/MD5 checksum:  1095062 cccb608c1f26ed0611b54992720f5000
      Intel IA-32 architecture:
          Size/MD5 checksum:   462154 16a74f04fe1fb9d5c682239e202dbda5
          Size/MD5 checksum:  1132412 a941316aca93f58e0e257222b1e25111
      Intel IA-64 architecture:
          Size/MD5 checksum:   615468 7ff33e153f2759a07c772f8a68f480d8
          Size/MD5 checksum:  1491408 6720c5951d6a944db481386ea7be3320
      HP Precision architecture:
          Size/MD5 checksum:   501290 23fb491d4212c8677ca90412ff7502ef
          Size/MD5 checksum:  1230944 83df5af12938f6615ce95109a26b5e0a
      Motorola 680x0 architecture:
          Size/MD5 checksum:   451016 753934c8f05bc2f5db81ef9a1f3f01a7
          Size/MD5 checksum:  1099728 3c0921de3887e99a71f0f79c00bd2091
      PowerPC architecture:
          Size/MD5 checksum:   450046 53b65e2f2f7a95d49b0f160606c12317
          Size/MD5 checksum:  1103892 efd5bdedef2a68adcc7ce30a66b6a2ea
      IBM S/390 architecture:
          Size/MD5 checksum:   441698 0643afc885cbfe883b16128181fe0967
          Size/MD5 checksum:  1087174 76704c6234fe4c9bebaa4ae517a69e25
      Sun Sparc architecture:
          Size/MD5 checksum:   433586 06e478ccafa99cda109b6cce8192a5df
          Size/MD5 checksum:  1082202 cbef6f10a8ab7b5515838de3466f3847
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and