SuSE HylaFAX hfaxd Format String Vulnerability
Secunia Advisory: SA10185
Release Date: 2003-11-11
Last Update: 2003-11-12

Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch

OS: SuSE Linux 7.x
SuSE Linux 8.x
SuSE Linux 9.0
SuSE Linux Desktop 1.x
SuSE Linux Enterprise Server 7
SuSE Linux Office Server
SuSE Linux Standard Server 8

Software: HylaFAX 4.x

CVE reference: CVE-2003-0886


Description:
SuSE has reported a vulnerability in HylaFAX, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by a format string error in hfaxd, which can be exploited to execute arbitrary code.

Successful exploitation requires that HylaFAX is running in a non-standard configuration with the 0x002 bit set in the "ServerTracing" configuration parameter.
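
The configuration precondition above can be checked on a host before patching. The following is an added example, not part of the original advisory or of HylaFAX: the function name, the "Tag: value" syntax with '#' comments, case-insensitive tag matching, and decimal/octal/hex value parsing are assumptions, and the path of the hfaxd configuration file must be supplied by the administrator.

```shell
#!/bin/sh
# Added example: test whether an hfaxd configuration file sets bit 0x002 of
# ServerTracing, the precondition this advisory names for CVE-2003-0886.
# Assumed config syntax: "Tag: value" lines, '#' comments, last setting wins.

# tracing_bit_enabled FILE  (hypothetical helper)
# returns 0 = bit 0x002 set, 1 = not set or no ServerTracing line,
#         2 = file unreadable or value not a number
tracing_bit_enabled() {
    [ -r "$1" ] || return 2
    val=$(sed 's/#.*//' "$1" \
        | grep -i '^[[:space:]]*ServerTracing[[:space:]]*:' \
        | tail -n 1 \
        | sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$val" ] || return 1
    # Accept only 0x-prefixed hex, 0-prefixed octal, or plain decimal.
    case $val in
        0[xX]*) d=${val#0[xX]}
                case $d in ''|*[!0-9A-Fa-f]*) return 2 ;; esac ;;
        0*)     case $val in *[!0-7]*) return 2 ;; esac ;;
        *)      case $val in *[!0-9]*) return 2 ;; esac ;;
    esac
    [ $(( $val & 0x002 )) -ne 0 ]
}

# Constructed sample configuration (not taken from a real system); it is used
# when no file is given on the command line.
sample=$(mktemp)
printf '%s\n' 'LogFacility: daemon' \
              'ServerTracing: 0x003   # constructed value' > "$sample"
if [ $# -gt 0 ]; then target=$1; else target=$sample; fi

rc=0
tracing_bit_enabled "$target" || rc=$?
case $rc in
    0) echo "$target: ServerTracing has bit 0x002 set; apply the update or clear the bit" ;;
    1) echo "$target: ServerTracing bit 0x002 is not set" ;;
    *) echo "$target: unreadable or unparseable ServerTracing value" ;;
esac
rm -f "$sample"
```

A result of "not set" only means the stated precondition is absent; the updated packages listed under Solution are still the fix.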

Solution:
The vulnerability will be fixed in HylaFAX version 4.1.8.
http://www.hylafax.org/download.html


SuSE has issued updated packages.

-- Intel i386 Platform --

SuSE-9.0:
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/hylafax-4.1.7-67.i586.rpm
598081f0d8518014c122466549d3aee2
ftp://ftp.suse.com/pub/suse/i386/upda...m/i586/capi4hylafax-4.1.7-67.i586.rpm
b440a0ac3debb15af86c55ce9648a0c9
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/upda.../i586/hylafax-4.1.7-67.i586.patch.rpm
b133d6a01100c51769edfe73842f21e5
ftp://ftp.suse.com/pub/suse/i386/upda.../capi4hylafax-4.1.7-67.i586.patch.rpm
48b02652d3efd052a99fe45346a40533
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/hylafax-4.1.7-67.src.rpm
44b246480b629ee9659ff2360999f4be

SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/hylafax-4.1.5-190.i586.rpm
a17a36e3d9779aaddc074e634c1d16c2
ftp://ftp.suse.com/pub/suse/i386/upda.../i586/capi4hylafax-4.1.5-190.i586.rpm
f016a370c9428aaca1a4393e3fb1fa6c
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/upda...i586/hylafax-4.1.5-190.i586.patch.rpm
f9be5873c7f8abaae23494f98463b451
ftp://ftp.suse.com/pub/suse/i386/upda...capi4hylafax-4.1.5-190.i586.patch.rpm
715001c063280b3ff8c3ec9c918776b9
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/hylafax-4.1.5-190.src.rpm
cdf6cf2e9ad8e9f96a0a76ba03921c5a

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/hylafax-4.1.3-145.i586.rpm
85ffa634af490894d049c2c350bd5637
ftp://ftp.suse.com/pub/suse/i386/upda.../i586/capi4hylafax-4.1.3-145.i586.rpm
c3766b389e79820e88375127ce47246f
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/upda...i586/hylafax-4.1.3-145.i586.patch.rpm
f6afb37c81542e75da229db6cd1f9571
ftp://ftp.suse.com/pub/suse/i386/upda...capi4hylafax-4.1.3-145.i586.patch.rpm
e3f1e42ab4a12d056ad440e4607214c9
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/hylafax-4.1.3-145.src.rpm
6babcf169ecf60cbfc83a3f8575cdf3e

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-303.i386.rpm
e4492b144902043a38bfd71dbb683b23
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-303.i386.patch.rpm
02f80c2b8b28d176bbba8a6dccda4dce
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/hylafax-4.1-303.src.rpm
c79d4be78cca347d5ecded4c6029f2b2

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/hylafax-4.1-303.i386.rpm
b42d4ff0c43cec7e09fe4c1bbf5c8226
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/hylafax-4.1-303.src.rpm
8bdce70f21a0362882947a1d4de760ae


-- Sparc Platform --

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/hylafax-4.1-122.sparc.rpm
fa187f99f0a25df1815445dbbb6a0abe
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/hylafax-4.1-122.src.rpm
227353e1b80121f3ccfabc7fb888a485


-- PPC Power PC Platform --

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/hylafax-4.1-206.ppc.rpm
4388fa7fe1aa5173e3d33bdf1c477349
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/hylafax-4.1-206.src.rpm
a95fd798a47396a077d7690a3e62986b

Provided and/or discovered by:
SuSE Security Team

Changelog:
2003-11-12: Updated information released.



About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  