MDKSA-2001:041
- Package name
- hylafax
- Date
- 2001-04-24
- Advisory ID
- MDKSA-2001:041
- Affected versions
- 7.2 i586, 7.1 i586, CS1.0 i586
Problem description
A problem exists with the HylaFAX program, hfaxd. When hfaxd tries to change its queue directory and fails, it prints an error message via syslog by directly passing user-supplied data as the format string. If hfaxd is installed setuid root, this behaviour can be exploited to gain root access locally. Note that Linux-Mandrake does not ship hfaxd setuid root by default.
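The bug class described above, shown beside its corrected form, as an added example that is not HylaFAX source code. The names `log_error`, `report_chdir_failure`, `DEMO_VULNERABLE` and the message text are hypothetical, and the input is constructed; the vulnerable variant is compiled only when `DEMO_VULNERABLE` is defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical stand-in for a daemon's error path; NOT HylaFAX source. */
static char last_msg[256];  /* copy of the last logged line, for inspection */

/* The format attribute lets gcc/clang -Wformat-security flag non-literal formats. */
static void log_error(const char *fmt, ...) __attribute__((format(printf, 1, 2)));

static void log_error(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);  /* bounded expansion */
    va_end(ap);
    syslog(LOG_ERR, "%s", last_msg);  /* constant format at the syslog boundary */
}

#ifdef DEMO_VULNERABLE
/* Pattern from the advisory: user-supplied text ends up as the format string,
 * so any conversion directives inside `dir` are interpreted by the logger. */
static void report_chdir_failure_vulnerable(const char *dir)
{
    char msg[256];
    snprintf(msg, sizeof msg, "cannot change to queue directory %s", dir);
    log_error(msg);
}
#endif

/* Corrected form: the format is a literal; `dir` is only ever an argument. */
static const char *report_chdir_failure(const char *dir)
{
    log_error("cannot change to queue directory %s", dir);
    return last_msg;
}

int main(void)
{
    /* Constructed input: a directory name containing conversion directives. */
    puts(report_chdir_failure("queue-%x-%n"));
    return 0;
}
```

With the corrected form the directives in the directory name reach the log as literal text. Building with `-Wformat -Wformat-security` and `-DDEMO_VULNERABLE` makes the compiler point at the non-literal `log_error(msg)` call.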
Updated packages
7.2 i586
bb5496fcdf2be7c4cf1a235797ef3317 7.2/RPMS/hylafax-4.1-0.9mdk.i586.rpm
12dbc8359e7e7a179d9df0ff763b7b5d 7.2/RPMS/hylafax-client-4.1-0.9mdk.i586.rpm
2a5394dca8c6629179f2182ffae55329 7.2/RPMS/hylafax-server-4.1-0.9mdk.i586.rpm
9aca03bb7cabaf127cf25b5a810c7d92 7.2/SRPMS/hylafax-4.1-0.9mdk.src.rpm
7.1 i586
ee6eab1c642154d5322dbd352f52b624 7.1/RPMS/hylafax-4.1-0.10mdk.i586.rpm
b73c45f4ee1c4f491fcdedc91ac45030 7.1/RPMS/hylafax-client-4.1-0.10mdk.i586.rpm
cfebff780619fe410c20a131d0e8e9b3 7.1/RPMS/hylafax-server-4.1-0.10mdk.i586.rpm
d5beb2e46136d5828c1de8048ad8572e 7.1/SRPMS/hylafax-4.1-0.10mdk.src.rpm
CS1.0 i586
ee6eab1c642154d5322dbd352f52b624 1.0.1/RPMS/hylafax-4.1-0.10mdk.i586.rpm
b73c45f4ee1c4f491fcdedc91ac45030 1.0.1/RPMS/hylafax-client-4.1-0.10mdk.i586.rpm
cfebff780619fe410c20a131d0e8e9b3 1.0.1/RPMS/hylafax-server-4.1-0.10mdk.i586.rpm
d5beb2e46136d5828c1de8048ad8572e 1.0.1/SRPMS/hylafax-4.1-0.10mdk.src.rpm
