6365955 2001-04-15 02:23 -0400  /29 lines/ Darren Nickerson <darren@DAZZA.ORG>
Sent by: joel@lysator.liu.se
Imported: 2001-04-16  10:41  by Brevbäraren
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: darren@DAZZA.ORG
Recipient: Bugtraq (import) <16544>
Subject: **SECURITY ADVISORY** - HylaFAX format string vulnerability
------------------------------------------------------------
From: Darren Nickerson <darren@DAZZA.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010415062349.E4A055FFBA@hewes.dazza.org>

Folks,

A format bug has been discovered in hfaxd. Details of the report may
be found at:

	http://www.securityfocus.com/archive/1/175963

A patch to address the problem may be found at:

	http://www.hylafax.org/patches/hfaxd-vulnerability.patch

This patch fixes the problem, and also removes the suid bit from the
hfaxd binary. Anyone experiencing problems as a result of this change
please contact bugs@hylafax.org.

We intend to release a beta-4 very soon which will include the above
fix. In the meantime, if you are unable to upgrade or rebuild HylaFAX
from patched source, we recommend that you remove the suid root bit
from the hfaxd executable:

	chmod a-s /usr/sbin/hfaxd (or whatever your path is)

-Darren
(6365955) /Darren Nickerson <darren@DAZZA.ORG>/(Rewrapped)
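
The interim mitigation in the advisory above, as an added audit script (not part of the original message or of the HylaFAX project): it lists every file named hfaxd that still carries a setuid or setgid bit, clears the bits with the same `chmod a-s`, and re-checks. The search roots other than /usr/sbin are assumptions, since the advisory notes that the path varies by install.

```sh
#!/bin/sh
# Added example: audit and apply the advisory's interim mitigation.
# Only /usr/sbin/hfaxd is named in the advisory; any other search root
# passed to these functions is an assumption about the local install.

# Print each regular file named hfaxd under the given roots that still
# has a setuid (4000) or setgid (2000) bit. Missing roots are skipped.
find_suid_hfaxd() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type f -name hfaxd \
            \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done
}

# Show each hit, clear its setuid/setgid bits (chmod a-s, as in the
# advisory), then search again. Returns 0 only if no privileged copy
# of hfaxd remains under the given roots.
strip_suid_hfaxd() {
    find_suid_hfaxd "$@" | while IFS= read -r bin; do
        ls -l "$bin"
        chmod a-s "$bin" && echo "cleared: $bin"
    done
    [ -z "$(find_suid_hfaxd "$@")" ]
}

# When run as a script with arguments, treat them as search roots, e.g.
#   sh strip-hfaxd-suid.sh /usr/sbin /usr/local/sbin
if [ "$#" -gt 0 ]; then
    strip_suid_hfaxd "$@"
fi
```

Run it again after any package reinstall or rebuild from unpatched source, since either can restore the setuid bit.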