From owner-freebsd-security Mon Aug 12 12: 7: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD91737B400; Mon, 12 Aug 2002 12:07:02 -0700 (PDT) Received: from mgr5.xmission.com (mgr5.xmission.com [198.60.22.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5352843E81; Mon, 12 Aug 2002 12:07:02 -0700 (PDT) (envelope-from glewis@misty.eyesbeyond.com) Received: from mail by mgr5.xmission.com with spam-scanned (Exim 3.35 #1) id 17eKWr-0000pU-00; Mon, 12 Aug 2002 13:07:01 -0600 Received: from [207.135.128.145] (helo=misty.eyesbeyond.com) by mgr5.xmission.com with esmtp (Exim 3.35 #1) id 17eKWo-0000nz-00; Mon, 12 Aug 2002 13:07:01 -0600 Received: (from glewis@localhost) by misty.eyesbeyond.com (8.11.6/8.11.6) id g7CJ6XP19481; Tue, 13 Aug 2002 04:36:33 +0930 (CST) (envelope-from glewis) Date: Tue, 13 Aug 2002 04:36:31 +0930 From: Greg Lewis To: Mike Tancsa Cc: ports@FreeBSD.ORG, security@FreeBSD.ORG, so@FreeBSD.ORG Subject: Re: hylaxfax security issue (from the ports) Message-ID: <20020813043631.A19449@misty.eyesbeyond.com> References: <5.1.1.6.0.20020812142654.0525a938@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.1.1.6.0.20020812142654.0525a938@marble.sentex.ca>; from mike@sentex.net on Mon, Aug 12, 2002 at 02:35:44PM -0400 X-Spam-Status: No, hits=-3.4 required=8.0 tests=IN_REP_TO version=2.31 X-Spam-Level: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Aug 12, 2002 at 02:35:44PM -0400, Mike Tancsa wrote: > > Looks like the current version of HylaFax in the ports once again has > security issues (remote and local). > > From the web page http://www.hylafax.org/4.1.3.html > > 4.1.3 includes fixes for a remote format string vulnerability which could > be abused in a denial of service attack. Also fixed is a buffer overflow > condition when receiving fax image data which potentially could be > exploited to execute arbitrary code as root. Also present in 4.1.3 are > fixes for several other local remote format string vulnerabilities which, > in some installations, could lead to elevated privileges by abuse. Everyone > is advised to upgrade. > > ------------------------------ > I am not a heavy user of HylaFax (only outbound), but removing the two > patch files and making the following changes lets it build with the new > source code. The md5 is also on the webpage. Ouch. Upgrade committed, security-officer may want to send out an advisory on this though. I only needed to modify one of the patch files to get thing to build correctly. I also updated the package list to match the files 4.1.3 installs. Thanks, Mike! -- Greg Lewis Email : glewis@eyesbeyond.com Eyes Beyond Web : http://www.eyesbeyond.com Information Technology FreeBSD : glewis@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message