Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 22 Mar 2000 12:30:33 -0800 (PST)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        =?X-UNKNOWN?Q?Javier_Villari=F1o_Ord=F3=F1ez?= <villar@ceniai.inf.cu>
Cc:        ports@freebsd.org
Subject:   Re: Hylafax problems
Message-ID:  <Pine.BSF.4.21.0003221227370.62120-100000@freefall.freebsd.org>
In-Reply-To: <Pine.BSF.3.96.1000322080310.12656C-100000@int.ceniai.inf.cu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 22 Mar 2000, Javier Villari=F1o Ord=F3=F1ez wrote:

> When I try to install Hylafax I get that:
>=20
> "Security hole (buffer overflow yielding setuid uucp)"
>=20
> What is the meaning of that?

There is a security hole which allows local users on your system to obtain
the privileges of the uucp user, and possibly from there to gain further
privileges (possibly including root). I've been told that there's also a
network daemon installed by the port - in this case, it might also be
vulnerable to a remote attack, but I haven't checked whether this is true
or not.

Basically, install at your own risk :)

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0003221227370.62120-100000>