[SA10185] SuSE HylaFAX hfaxd Format String Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Nov 11 2003 - 07:14:47 CST


TITLE:
SuSE HylaFAX hfaxd Format String Vulnerability

SECUNIA ADVISORY ID:
SA10185

VERIFY ADVISORY:
http://www.secunia.com/advisories/10185/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
SuSE Linux Standard Server 8
SuSE Linux 7.x
SuSE Linux 8.x
SuSE Linux 9.0
SuSE Linux Desktop 1.x
SuSE Linux Enterprise Server 7
SuSE Linux Office Server

DESCRIPTION:
SuSE has reported a vulnerability in HylaFAX, which can be exploited
by malicious people to compromise a vulnerable system.

The vulnerability is caused by a format string error in hfaxd,
which can be exploited to execute arbitrary code.

Successful exploitation requires that hylafax is running in a
non-standard configuration.

SOLUTION:
Apply updated packages.

-- Intel i386 Platform --

SuSE-9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/hylafax-4.1.7-67.i586.rpm
598081f0d8518014c122466549d3aee2
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/capi4hylafax-4.1.7-67.i586.rpm
b440a0ac3debb15af86c55ce9648a0c9
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/hylafax-4.1.7-67.i586.patch.rpm
b133d6a01100c51769edfe73842f21e5
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/capi4hylafax-4.1.7-67.i586.patch.rpm
48b02652d3efd052a99fe45346a40533
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/hylafax-4.1.7-67.src.rpm
44b246480b629ee9659ff2360999f4be

SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/hylafax-4.1.5-190.i586.rpm
a17a36e3d9779aaddc074e634c1d16c2
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/capi4hylafax-4.1.5-190.i586.rpm
f016a370c9428aaca1a4393e3fb1fa6c
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/hylafax-4.1.5-190.i586.patch.rpm
f9be5873c7f8abaae23494f98463b451
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/capi4hylafax-4.1.5-190.i586.patch.rpm
715001c063280b3ff8c3ec9c918776b9
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/hylafax-4.1.5-190.src.rpm
cdf6cf2e9ad8e9f96a0a76ba03921c5a

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/hylafax-4.1.3-145.i586.rpm
85ffa634af490894d049c2c350bd5637
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/capi4hylafax-4.1.3-145.i586.rpm
c3766b389e79820e88375127ce47246f
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/hylafax-4.1.3-145.i586.patch.rpm
f6afb37c81542e75da229db6cd1f9571
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/capi4hylafax-4.1.3-145.i586.patch.rpm
e3f1e42ab4a12d056ad440e4607214c9
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/hylafax-4.1.3-145.src.rpm
6babcf169ecf60cbfc83a3f8575cdf3e

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-303.i386.rpm
e4492b144902043a38bfd71dbb683b23
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-303.i386.patch.rpm
02f80c2b8b28d176bbba8a6dccda4dce
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/hylafax-4.1-303.src.rpm
c79d4be78cca347d5ecded4c6029f2b2

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/hylafax-4.1-303.i386.rpm
b42d4ff0c43cec7e09fe4c1bbf5c8226
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/hylafax-4.1-303.src.rpm
8bdce70f21a0362882947a1d4de760ae

-- Sparc Platform --

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/hylafax-4.1-122.sparc.rpm
fa187f99f0a25df1815445dbbb6a0abe
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/hylafax-4.1-122.src.rpm
227353e1b80121f3ccfabc7fb888a485

-- PPC Power PC Platform --

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/hylafax-4.1-206.ppc.rpm
4388fa7fe1aa5173e3d33bdf1c477349
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/hylafax-4.1-206.src.rpm
a95fd798a47396a077d7690a3e62986b
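
The package list above pairs each download URL with an MD5 sum on the following line. The script below is an added example, not part of the Secunia or SuSE advisory: it parses that layout and checks a downloaded file against the sum listed for its URL. The function names, the placeholder host mirror.example and the demo package are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MD5_LINE = re.compile(r"^[0-9a-f]{32}$")

def parse_listing(text):
    """Map each package URL to the MD5 on the line that follows it.

    Keyed by full URL, not file name: the same file name can be listed
    for two releases with different sums.
    """
    expected, pending_url = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("ftp://", "http://", "https://")):
            pending_url = line
        elif pending_url and MD5_LINE.match(line):
            expected[pending_url] = line
            pending_url = None
        else:
            pending_url = None  # headings like "patch rpm(s):" end a pair
    return expected

def md5_of(path, chunk_size=65536):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_download(path, url, expected):
    """Return "ok", "mismatch", or "unlisted" for a file fetched from url."""
    want = expected.get(url)
    if want is None:
        return "unlisted"
    return "ok" if md5_of(path) == want else "mismatch"

if __name__ == "__main__":
    # Constructed sample: placeholder host and package, not a real SuSE file.
    body = b"constructed package bytes"
    url = "ftp://mirror.example/update/9.0/demo-1.0-1.i586.rpm"
    listing = "SuSE-9.0:\n%s\n%s\n" % (url, hashlib.md5(body).hexdigest())
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "demo-1.0-1.i586.rpm"
        pkg.write_bytes(body)
        print(check_download(pkg, url, parse_listing(listing)))
```

A matching MD5 only shows that the file equals what this listing describes; the package signature is checked separately, for example with rpm --checksig.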
