OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Darren Nickerson (darrenDAZZA.ORG)
Date: Sun Apr 15 2001 - 01:23:43 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Folks,

    A format bug has been discovered in hfaxd. Details of the report may be found
    at:

            http://www.securityfocus.com/archive/1/175963

    A patch to address the problem may be found at:

            http://www.hylafax.org/patches/hfaxd-vulnerability.patch

    This patch fixes the problem, and also removes the suid bit from the hfaxd
    binary. Anyone experiencing problems as a result of this change please contact
    bugshylafax.org.

    We intend to release a beta-4 very soon which will include the above fix. In
    the meantime, if you are unable to upgrade or rebuild HylaFAX from patched
    source, we recommend that you remove the suid root bit from the hfaxd
    executable:

            chmod a-s /usr/sbin/hfaxd (or whatever your path is)

    -Darren