Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:055 (hylafax)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50832

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:055 (hylafax)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to hylafax
announced via advisory MDKSA-2002:055.

Numerous vulnerabilities in the HylaFAX product exist in versions prior
to 4.1.3. It does not check the TSI string which is received from
remote FAX systems before using it in logging and other places. A
remote sender using a specially formatted TSI string can cause the
faxgetty program to segfault, resulting in a denial of service. Format
string vulnerabilities were also discovered by Christer Oberg, which
exist in a number of utilities bundled with HylaFax, such as faxrm,
faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these
tools are setuid, they could be used to elevate system privileges.
Mandrake Linux does not, by default, install these tools setuid.
Finally, Lee Howard discovered that faxgetty would segfault due to a
buffer overflow after receiving a very large line of image data. This
vulnerability could conceivably be used to execute arbitrary commands
on the system as root, and could also be exploited more easily as a
denial of sevice.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:055
http://www.securityfocus.com/archive/1/215984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1034
http://www.securityfocus.com/bid/3357

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 3357
Common Vulnerability Exposure (CVE) ID: CVE-2001-1034
http://www.securityfocus.com/bid/3357
Bugtraq: 20010923 hylafax (Google Search)
http://www.securityfocus.com/archive/1/215984
XForce ISS Database: hylafax-hostname-format-string(7164)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7164

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50832
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:055 (hylafax)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to hylafax announced via advisory MDKSA-2002:055. Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of sevice. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:055 http://www.securityfocus.com/archive/1/215984 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1034 http://www.securityfocus.com/bid/3357 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 3357 Common Vulnerability Exposure (CVE) ID: CVE-2001-1034 http://www.securityfocus.com/bid/3357 Bugtraq: 20010923 hylafax (Google Search) http://www.securityfocus.com/archive/1/215984 XForce ISS Database: hylafax-hostname-format-string(7164) https://exchange.xforce.ibmcloud.com/vulnerabilities/7164
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com