LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated hylafax packages fix eval injection vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Patrice Fournier discovered the faxrcvd/notify scripts (executed as the uucp/fax user) run user-supplied input through eval without any attempt at sanitising it first. This would allow any user who could submit jobs to HylaFAX, or through telco manipulation control the representation of callid information presented to HylaFAX to run arbitrary commands as the uucp/fax user. (CVE-2005-3539, only 'notify' in the covered versions) Updated packages were also reviewed for vulnerability to an issue where if PAM is disabled, a user could log in with no password. (CVE-2005-3538) In addition, some fixes to the packages for permissions, and the %pre/%post scripts were backported from cooker. (#19679) The updated packages have been patched to correct these issues.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:015
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : hylafax
 Date    : January 16, 2006
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Patrice Fournier discovered the faxrcvd/notify scripts 
 (executed as the uucp/fax user) run user-supplied input through 
 eval without any attempt at sanitising it first.  This would 
 allow any user who could submit jobs to HylaFAX, or through 
 telco manipulation control the representation of callid 
 information presented to HylaFAX to run arbitrary commands as 
 the uucp/fax user. (CVE-2005-3539, only 'notify' in the covered
 versions)                                                          
 
 Updated packages were also reviewed for vulnerability to
 an issue where if PAM is disabled, a user could log in with no 
 password. (CVE-2005-3538)
 
 In addition, some fixes to the packages for permissions, and 
 the %pre/%post scripts were backported from cooker. (#19679)
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3538
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3539
 http://qa.mandriva.com/show_bug.cgi?id=19679
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 2288eb6fa13db28cec0a2936e6da201b  10.1/RPMS/hylafax-4.2.0-1.4.101mdk.i586.rpm
 ae01aff5e685211d56d782c7107aa643  10.1/RPMS/hylafax-client-4.2.0-1.4.101mdk.i586.rpm
 2d160b49e8e9e41beb3a8bd98995a4e7  10.1/RPMS/hylafax-server-4.2.0-1.4.101mdk.i586.rpm
 0210a8f6269b741c88f1a08e1fd3bf67  10.1/RPMS/libhylafax4.2.0-4.2.0-1.4.101mdk.i586.rpm
 21aad742a2af1af8bef9ec598dcc9808  10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.4.101mdk.i586.rpm
 0db2c22f9b1714b2bc67767be3af086b  10.1/SRPMS/hylafax-4.2.0-1.4.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 204fddbe437c72f04bbc10d9520b29bf  x86_64/10.1/RPMS/hylafax-4.2.0-1.4.101mdk.x86_64.rpm
 0c0b7f49dc6ba818255066d880b1eeda  x86_64/10.1/RPMS/hylafax-client-4.2.0-1.4.101mdk.x86_64.rpm
 514b0ae30861e05453665b10c96e0471  x86_64/10.1/RPMS/hylafax-server-4.2.0-1.4.101mdk.x86_64.rpm
 0a91eadc96ace924c000932bf7b73f00  x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.4.101mdk.x86_64.rpm
 1eea0a264c43552015c86490e562f3c3  x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.4.101mdk.x86_64.rpm
 0db2c22f9b1714b2bc67767be3af086b  x86_64/10.1/SRPMS/hylafax-4.2.0-1.4.101mdk.src.rpm

 Mandriva Linux 10.2:
 695fe8a1cf2e5833db4ffb268b655d6c  10.2/RPMS/hylafax-4.2.0-3.2.102mdk.i586.rpm
 c9225a4743adb84c29980e08c21012af  10.2/RPMS/hylafax-client-4.2.0-3.2.102mdk.i586.rpm
 aae88d44d8bf87dff930cd55fef41859  10.2/RPMS/hylafax-server-4.2.0-3.2.102mdk.i586.rpm
 ab985d622d8163af3f8c14741bb12605  10.2/RPMS/libhylafax4.2.0-4.2.0-3.2.102mdk.i586.rpm
 351cdb560784d10d328485feef281291  10.2/RPMS/libhylafax4.2.0-devel-4.2.0-3.2.102mdk.i586.rpm
 8afc40fca6dffd46b6f7655248210c78  10.2/SRPMS/hylafax-4.2.0-3.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 98d01067467b97abd72184241bfb9f79  x86_64/10.2/RPMS/hylafax-4.2.0-3.2.102mdk.x86_64.rpm
 8f21f4566fb19a5cb4b01829ad80c7cc  x86_64/10.2/RPMS/hylafax-client-4.2.0-3.2.102mdk.x86_64.rpm
 15af886a1b4b2720415dc7c5193bef31  x86_64/10.2/RPMS/hylafax-server-4.2.0-3.2.102mdk.x86_64.rpm
 8f2eebb841672550e7fc312eaf994f6e  x86_64/10.2/RPMS/lib64hylafax4.2.0-4.2.0-3.2.102mdk.x86_64.rpm
 950422660ba456ace9450a99ead9f09e  x86_64/10.2/RPMS/lib64hylafax4.2.0-devel-4.2.0-3.2.102mdk.x86_64.rpm
 8afc40fca6dffd46b6f7655248210c78  x86_64/10.2/SRPMS/hylafax-4.2.0-3.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 f59e6af800bd40730fc55268dd30a50f  2006.0/RPMS/hylafax-4.2.1-2.2.20060mdk.i586.rpm
 cf0592e938676ea718034a3a34ba6d5e  2006.0/RPMS/hylafax-client-4.2.1-2.2.20060mdk.i586.rpm
 f0f64fc2f28bbba0cf80a1f3e2be55e0  2006.0/RPMS/hylafax-server-4.2.1-2.2.20060mdk.i586.rpm
 278d2008b94d186cc56c067685ad617b  2006.0/RPMS/libhylafax4.2.0-4.2.1-2.2.20060mdk.i586.rpm
 47f570e1550aa2a286c0417d6a8673a6  2006.0/RPMS/libhylafax4.2.0-devel-4.2.1-2.2.20060mdk.i586.rpm
 7fa7882271a6486bb797a21ac3621d3c  2006.0/SRPMS/hylafax-4.2.1-2.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 35a706154fb7111baa93011a32077284  x86_64/2006.0/RPMS/hylafax-4.2.1-2.2.20060mdk.x86_64.rpm
 73cb090effdccf7cb1a6cbe04f121da4  x86_64/2006.0/RPMS/hylafax-client-4.2.1-2.2.20060mdk.x86_64.rpm
 552d1a2f6b1ade68f2694dd4880bc000  x86_64/2006.0/RPMS/hylafax-server-4.2.1-2.2.20060mdk.x86_64.rpm
 e4a63e6b0898a58d6125062ae913fe31  x86_64/2006.0/RPMS/lib64hylafax4.2.0-4.2.1-2.2.20060mdk.x86_64.rpm
 6f2d818013c1f3be6aeacd5d7ca9cce2  x86_64/2006.0/RPMS/lib64hylafax4.2.0-devel-4.2.1-2.2.20060mdk.x86_64.rpm
 7fa7882271a6486bb797a21ac3621d3c  x86_64/2006.0/SRPMS/hylafax-4.2.1-2.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.