Mailinglist Archive: opensuse-security (78 mails)
| < Previous | Next > |
Problem with last Hylafax update (notify script)
- From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
- Date: Wed, 25 Jan 2006 23:38:19 +0100 (CET)
- Message-id: <Pine.LNX.4.61.0601252324590.8192@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After updating hylafax by YOU, in SuSE 9.3, to version
"hylafax-4.2.1-4.3", notify email is not sent:
Jan 25 21:23:11 nimrodel FaxSend[8086]: MODEM U.S. ROBOTICS 56K FAX /
Jan 25 21:23:11 nimrodel FaxSend[8086]: SEND FAX: JOB 11 DEST 915811939 COMMID 000000023 DEVICE '/dev/modem'
Jan 25 21:24:50 nimrodel FaxSend[8086]: SEND FAX: JOB 11 SENT in 1:17
Jan 25 21:24:51 nimrodel FaxQueuer[7765]: NOTIFY: bin/notify "doneq/q11" "done" "1:55"
Jan 25 21:24:52 nimrodel FaxQueuer[7765]: NOTIFY exit status: 0 (8135)
* Jan 25 21:24:51 nimrodel postfix/sendmail[8143]: fatal: No recipient addresses found in message header
Jan 25 21:25:08 nimrodel FaxGetty[7745]: MODEM U.S. ROBOTICS 56K FAX /
This patch modified precisely the notify script:
| Longdescription.english:
| This update fixes an issue in the hylafax notify script,
| which could maybe be used by remote attackers with a valid
| faxuser account to run arbitrary commands.
I would recommend not to apply it till SuSE corrects the problem. I'll
probably roll back.
- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFD1/3mtTMYHG2NR9URAtRhAJwNKXwBx/zXD+fDY4IFp/Ivs5aHjwCfVpff
ULmUIV9ndb9mpr6LmQTA/Ss=
=EDj0
-----END PGP SIGNATURE-----
Hash: SHA1
After updating hylafax by YOU, in SuSE 9.3, to version
"hylafax-4.2.1-4.3", notify email is not sent:
Jan 25 21:23:11 nimrodel FaxSend[8086]: MODEM U.S. ROBOTICS 56K FAX /
Jan 25 21:23:11 nimrodel FaxSend[8086]: SEND FAX: JOB 11 DEST 915811939 COMMID 000000023 DEVICE '/dev/modem'
Jan 25 21:24:50 nimrodel FaxSend[8086]: SEND FAX: JOB 11 SENT in 1:17
Jan 25 21:24:51 nimrodel FaxQueuer[7765]: NOTIFY: bin/notify "doneq/q11" "done" "1:55"
Jan 25 21:24:52 nimrodel FaxQueuer[7765]: NOTIFY exit status: 0 (8135)
* Jan 25 21:24:51 nimrodel postfix/sendmail[8143]: fatal: No recipient addresses found in message header
Jan 25 21:25:08 nimrodel FaxGetty[7745]: MODEM U.S. ROBOTICS 56K FAX /
This patch modified precisely the notify script:
| Longdescription.english:
| This update fixes an issue in the hylafax notify script,
| which could maybe be used by remote attackers with a valid
| faxuser account to run arbitrary commands.
I would recommend not to apply it till SuSE corrects the problem. I'll
probably roll back.
- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFD1/3mtTMYHG2NR9URAtRhAJwNKXwBx/zXD+fDY4IFp/Ivs5aHjwCfVpff
ULmUIV9ndb9mpr6LmQTA/Ss=
=EDj0
-----END PGP SIGNATURE-----
| < Previous | Next > |