Debian: hylafax buffer overflow
Posted by Team   
A set of problems have been discovered in Hylafax that could allow for a denial of service or possibly the execution of arbitrary code with root privileges.

--------------------------------------------------------------------------
Debian Security Advisory DSA 148-1                                        Martin Schulze
August 12th, 2002
--------------------------------------------------------------------------

Package        : hylafax
Vulnerability  : buffer overflows and format string vulnerabilities
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2001-1034
Bugtraq Id     : 3357 5349 5348

A set of problems have been discovered in Hylafax, a flexible
client/server fax software distributed with many GNU/Linux
distributions.  Quoting SecurityFocus, the problems are, in detail:

 * A format string vulnerability makes it possible for users to
   potentially execute arbitrary code on some implementations.  Due to
   insufficient checking of input, it's possible to execute a format
   string attack.  Since this only affects systems with the faxrm and
   faxalter programs installed setuid, Debian is not vulnerable.

 * A buffer overflow has been reported in Hylafax.  A malicious fax
   transmission may include a long scan line that will overflow a
   memory buffer, corrupting adjacent memory.  An exploit may result
   in a denial of service condition, or possibly the execution of
   arbitrary code with root privileges.

 * A format string vulnerability has been discovered in faxgetty.
   Incoming fax messages include a Transmitting Subscriber
   Identification (TSI) string, used to identify the sending fax
   machine.  Hylafax uses this data as part of a format string without
   properly sanitizing the input.  Malicious fax data may cause the
   server to crash, resulting in a denial of service condition.

 * Marcin Dawcewicz discovered a format string vulnerability in hfaxd,
   which will crash hfaxd under certain circumstances.  Since Debian
   doesn't install hfaxd setuid root, this problem cannot directly
   lead to a vulnerability.  The fix, by Darren Nickerson, was
   already present in newer versions, but not in the potato version.
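
The two untrusted inputs the list above describes, scan-line run lengths and the TSI string, handled with the bounds test and the literal format string that the fixes amount to. This is an added example written for this page, not HylaFAX code or the Debian patch: ROW_PIXELS, TSI_MAX, the run-length representation, the function names and the sample inputs in main are assumptions constructed for illustration (a real Group 3 decoder reads Huffman-coded runs from the bit stream, so the check belongs wherever run lengths are produced).

```c
/* Added example, not HylaFAX code: the two untrusted inputs DSA 148-1 names,
 * each with a hardened handler.
 *   1. Scan lines: a run length from the wire must never write past the row.
 *   2. TSI strings: never used as a printf format, and filtered to the T.30
 *      character set before being logged.
 * Buffer sizes, names and the "runs" representation are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ROW_PIXELS 1728   /* standard Group 3 scan line width (A4, 203 dpi) */
#define TSI_MAX    20     /* T.30 TSI/CSI strings carry at most 20 characters */

/* Expand alternating white/black run lengths into 'row' (one byte per pixel,
 * 0 = white, 1 = black).  Returns pixels written, or -1 if any run would
 * extend past the end of the row.  The overflow in the advisory is this
 * function without the bounds test: a crafted transmission declares a run
 * longer than ROW_PIXELS and the memset walks off the buffer. */
int decode_scanline(const unsigned *runs, size_t nruns,
                    unsigned char *row, size_t rowlen)
{
    size_t pos = 0;
    int black = 0;

    for (size_t i = 0; i < nruns; i++) {
        if (runs[i] > rowlen - pos)   /* bounds check: reject, never truncate silently */
            return -1;
        memset(row + pos, black, runs[i]);
        pos += runs[i];
        black = !black;
    }
    return (int)pos;
}

/* Copy a received TSI keeping only the characters T.30 allows (digits, '+',
 * space), at most TSI_MAX of them.  Returns how many input characters were
 * dropped, so the caller can note that the remote sent something odd. */
size_t sanitize_tsi(const char *in, char *out, size_t outlen)
{
    size_t n = 0, dropped = 0;

    for (; *in != '\0'; in++) {
        int ok = isdigit((unsigned char)*in) || *in == '+' || *in == ' ';
        if (ok && n < TSI_MAX && n + 1 < outlen)
            out[n++] = *in;
        else
            dropped++;
    }
    out[n] = '\0';
    return dropped;
}

#ifdef SHOW_VULNERABLE
/* The faxgetty pattern: attacker data becomes the format string, so "%x"
 * leaks stack contents and "%n" writes memory.  Compiled only on request. */
int log_tsi_vulnerable(char *buf, size_t buflen, const char *tsi)
{
    return snprintf(buf, buflen, tsi);        /* BUG: tsi is the format */
}
#endif

/* Hardened: the format is a literal and the TSI is only ever a %s argument,
 * so any '%' it contains is copied, not interpreted.  Returns snprintf's count. */
int log_tsi_safe(char *buf, size_t buflen, const char *tsi)
{
    return snprintf(buf, buflen, "RECV from TSI \"%s\"", tsi);
}

int main(void)
{
    unsigned char row[ROW_PIXELS];
    const unsigned good[] = { 100, 28, 1600 };    /* constructed: sums to 1728 */
    const unsigned evil[] = { 1000, 1000 };       /* constructed: 2000 > 1728 */
    char tsi[TSI_MAX + 1], line[64];
    size_t dropped;

    printf("good line: %d pixels\n", decode_scanline(good, 3, row, sizeof row));
    printf("evil line: %d (rejected)\n", decode_scanline(evil, 2, row, sizeof row));

    /* constructed TSI carrying format directives */
    dropped = sanitize_tsi("+1 555 0100%n%x", tsi, sizeof tsi);
    log_tsi_safe(line, sizeof line, tsi);
    printf("%s (dropped %zu chars)\n", line, dropped);
    return 0;
}
```

Build with `cc -Wall -o faxcheck faxcheck.c`; add `-DSHOW_VULNERABLE` only to read the bad pattern, which most compilers flag with -Wformat-security. Rejecting an oversized line rather than clamping it is deliberate: a clamped line hides the fact that the peer sent malformed data, and that is exactly the event worth logging.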

These problems have been fixed in version 4.0.2-14.3 for the old
stable distribution (potato), in version 4.1.1-1.1 for the current
stable distribution (woody) and in version 4.1.2-2.1 for the unstable
distribution (sid).

We recommend that you upgrade your hylafax packages.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
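
A check worth running before and after the upgrade steps above: is the installed hylafax version older than the fixed one the advisory names for your suite? The following is an added example, not dpkg or HylaFAX code. It re-implements dpkg's version ordering so the comparison can run on an audit host that has no dpkg; the suite table, the struct sizes, the helper names and the `hylafax-server` package name in the usage comment are assumptions.

```c
/* Added example, not dpkg or HylaFAX code: decide whether an installed hylafax
 * version predates the fixed versions DSA 148-1 names.  dpkg's ordering is
 * re-implemented here (epoch, then upstream version, then Debian revision;
 * '~' sorts before anything, digit runs compare numerically), so the check can
 * run on an audit host without dpkg.  Suite table, struct sizes and helper
 * names are assumptions for illustration. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* dpkg's weight for non-digit characters: '~' < end of string < letters < other. */
static int order(int c)
{
    if (isdigit(c)) return 0;
    if (isalpha(c)) return c;
    return c == '~' ? -1 : (c ? c + 256 : 0);
}

/* Compare one fragment (upstream or revision) as dpkg's verrevcmp does:
 * alternate non-digit runs (by order()) and digit runs (numerically). */
static int verrevcmp(const char *a, const char *b)
{
    while (*a || *b) {
        int first_diff = 0;
        while ((*a && !isdigit((unsigned char)*a)) || (*b && !isdigit((unsigned char)*b))) {
            int ac = order((unsigned char)*a), bc = order((unsigned char)*b);
            if (ac != bc) return ac - bc;
            a++; b++;
        }
        while (*a == '0') a++;                 /* leading zeros are insignificant */
        while (*b == '0') b++;
        while (isdigit((unsigned char)*a) && isdigit((unsigned char)*b)) {
            if (!first_diff) first_diff = *a - *b;
            a++; b++;
        }
        if (isdigit((unsigned char)*a)) return 1;   /* longer digit run wins */
        if (isdigit((unsigned char)*b)) return -1;
        if (first_diff) return first_diff;
    }
    return 0;
}

struct debver { long epoch; char upstream[64], revision[64]; };

/* Split "[epoch:]upstream[-revision]"; a missing epoch is 0 and a missing
 * revision is empty.  Returns -1 if a part does not fit. */
static int parse_version(const char *s, struct debver *v)
{
    const char *colon = strchr(s, ':'), *dash;
    size_t ulen;

    v->epoch = 0;
    if (colon) { v->epoch = strtol(s, NULL, 10); s = colon + 1; }
    dash = strrchr(s, '-');
    ulen = dash ? (size_t)(dash - s) : strlen(s);
    if (ulen >= sizeof v->upstream || (dash && strlen(dash + 1) >= sizeof v->revision))
        return -1;
    memcpy(v->upstream, s, ulen);
    v->upstream[ulen] = '\0';
    strcpy(v->revision, dash ? dash + 1 : "");
    return 0;
}

/* Full comparison: stores <0, 0 or >0 in *result; returns -1 on a parse error. */
int debver_cmp(const char *as, const char *bs, int *result)
{
    struct debver a, b;
    int r;

    if (parse_version(as, &a) != 0 || parse_version(bs, &b) != 0) return -1;
    if (a.epoch != b.epoch) { *result = a.epoch < b.epoch ? -1 : 1; return 0; }
    r = verrevcmp(a.upstream, b.upstream);
    *result = r ? r : verrevcmp(a.revision, b.revision);
    return 0;
}

/* Fixed versions from the advisory text, keyed by suite. */
static const struct { const char *suite, *fixed; } dsa148[] = {
    { "potato", "4.0.2-14.3" }, { "woody", "4.1.1-1.1" }, { "sid", "4.1.2-2.1" },
};

/* 1 = older than the fix, 0 = fixed or newer, -1 = unknown suite or bad version. */
int hylafax_needs_upgrade(const char *suite, const char *installed)
{
    for (size_t i = 0; i < sizeof dsa148 / sizeof dsa148[0]; i++) {
        int r;
        if (strcmp(dsa148[i].suite, suite) != 0) continue;
        if (debver_cmp(installed, dsa148[i].fixed, &r) != 0) return -1;
        return r < 0 ? 1 : 0;
    }
    return -1;
}

/* e.g.  ./dsa148check woody "$(dpkg-query -W -f='${Version}' hylafax-server)" */
int main(int argc, char **argv)
{
    int r;
    if (argc != 3) { fprintf(stderr, "usage: %s <potato|woody|sid> <version>\n", argv[0]); return 2; }
    r = hylafax_needs_upgrade(argv[1], argv[2]);
    puts(r == 1 ? "vulnerable: upgrade hylafax" : r == 0 ? "fixed version installed"
                                                 : "unknown suite or unparsable version");
    return r == 1;
}
```

On a Debian host `dpkg --compare-versions "$installed" lt 4.1.1-1.1` gives the same answer; the point of re-implementing the ordering is that a plain string or numeric comparison gets cases like `2.9` versus `2.10` and `~rc1` versus release wrong, and a fleet audit script must not.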

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:
      Size/MD5 checksum:      624 258322373e17ea876ced8ff40d2657ae
      Size/MD5 checksum:    81815 5d08c97482de1c0fb396148a43e464be
      Size/MD5 checksum:  1343569 59966e41f769770134b2c80c84245874

  Architecture independent components:
      Size/MD5 checksum:   517632 2cfca398afd15471a4f3c8194dc838ae

  Alpha architecture:
      Size/MD5 checksum:   509592 d3fb699ea9bd4fb5cddb16a7931a395e
      Size/MD5 checksum:  1130548 9017187a07824236de07dce42a5032be

  ARM architecture:
      Size/MD5 checksum:   389264 98c2a5dfa4306965acc9d6f0ea909605
      Size/MD5 checksum:   864078 793c1de1a50bb73536c1246c96b0d450

  Intel IA-32 architecture:
      Size/MD5 checksum:   398406 9e30d17b4645472b1b04bab0962c1080
      Size/MD5 checksum:   877434 1ae774e2115c983eed9fda2b6c19aa84

  Motorola 680x0 architecture:
      Size/MD5 checksum:   385696 3177d7de33c31a7ee2e6fa67f81bdb77
      Size/MD5 checksum:   843094 10610c3e3082a5e3e92ca0f07b2e961d

  PowerPC architecture:
      Size/MD5 checksum:   388586 7917f305ddc521f3c0bf50f1df2d38eb
      Size/MD5 checksum:   858980 26889bca9a720946245519abaf96b32f

  Sun Sparc architecture:
      Size/MD5 checksum:   370812 80f3caad71eb8b3c67b6f7a8500460c4
      Size/MD5 checksum:   827696 d11315ac73cf015bd8366f1c6c85e218

Debian GNU/Linux 3.0 alias woody
--------------------------------

Hylafax was released only for the architectures alpha, arm, hppa,
i386, ia64, m68k, powerpc, s390 and sparc.

  Source archives:
      Size/MD5 checksum:      741 bc3635f4c19a0700b4cc717c6c1322e7
      Size/MD5 checksum:   114552 612823bb6a275ab886fe2138ef15eae2
      Size/MD5 checksum:  1287689 1ed081750be70a800708699b7568e17e

  Architecture independent components:
      Size/MD5 checksum:   318018 b2c9b05305490a58bcb325276964e3d2

  Alpha architecture:
      Size/MD5 checksum:   556040 27102aa33baac1f507abf7c98e606b3b
      Size/MD5 checksum:  1362152 f68c48dd394d175da3a0ecdeb6e112e3

  ARM architecture:
      Size/MD5 checksum:   445322 75ccc9e7ce3e0f85977a0e6f584eb4d5
      Size/MD5 checksum:  1095062 cccb608c1f26ed0611b54992720f5000

  Intel IA-32 architecture:
      Size/MD5 checksum:   462154 16a74f04fe1fb9d5c682239e202dbda5
      Size/MD5 checksum:  1132412 a941316aca93f58e0e257222b1e25111

  Intel IA-64 architecture:
      Size/MD5 checksum:   615468 7ff33e153f2759a07c772f8a68f480d8
      Size/MD5 checksum:  1491408 6720c5951d6a944db481386ea7be3320

  HP Precision architecture:
      Size/MD5 checksum:   501290 23fb491d4212c8677ca90412ff7502ef
      Size/MD5 checksum:  1230944 83df5af12938f6615ce95109a26b5e0a

  Motorola 680x0 architecture:
      Size/MD5 checksum:   451016 753934c8f05bc2f5db81ef9a1f3f01a7
      Size/MD5 checksum:  1099728 3c0921de3887e99a71f0f79c00bd2091

  PowerPC architecture:
      Size/MD5 checksum:   450046 53b65e2f2f7a95d49b0f160606c12317
      Size/MD5 checksum:  1103892 efd5bdedef2a68adcc7ce30a66b6a2ea

  IBM S/390 architecture:
      Size/MD5 checksum:   441698 0643afc885cbfe883b16128181fe0967
      Size/MD5 checksum:  1087174 76704c6234fe4c9bebaa4ae517a69e25

  Sun Sparc architecture:
      Size/MD5 checksum:   433586 06e478ccafa99cda109b6cce8192a5df
      Size/MD5 checksum:  1082202 cbef6f10a8ab7b5515838de3466f3847

  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and

(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.