<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200311-03"> <title>HylaFAX: Remote code exploit in hylafax</title> <synopsis> A format bug condition allows a remote attacjer to execute arbitrary code as the root user. </synopsis> <product type="ebuild">HylaFAX</product> <announced>2003-11-10</announced> <revised>2003-11-10: 01</revised> <bug>33368</bug> <access>remote</access> <affected> <package name="net-misc/hylafax" auto="yes" arch="*"> <unaffected range="ge">4.1.8</unaffected> <vulnerable range="le">4.1.7</vulnerable> </package> </affected> <background> <p> HylaFAX is a popular client-server fax package. </p> </background> <description> <p> During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default hylafax configuration. </p> </description> <impact type="normal"> <p> A remote attacker could execute arbitrary code with root privileges. </p> </impact> <workaround> <p> There is no known workaround at this time. </p> </workaround> <resolution> <p> Users are encouraged to perform an 'emerge sync' and upgrade the package to the latest available version. Vulnerable versions of hylafax have been removed from portage. Specific steps to upgrade: </p> <code> # emerge sync # emerge -pv '>=net-misc/hylafax-4.1.8' # emerge '>=net-misc/hylafax-4.1.8' # emerge clean</code> </resolution> <references> <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0886">CAN-2003-0886</uri> <uri link="http://www.novell.com/linux/security/advisories/2003_045_hylafax.html">SuSE Security Announcment</uri> </references> </glsa>