• info
• discussion
• exploit
• solution
• references

Hylafax HFaxD Unspecified Format String Vulnerability

Solution:

SuSE have released an advisory (SuSE-SA:2003:045) and fixes to address this issue on SuSE platforms. Users who are potentially affected by this issue are advised to download and install the applicable fixes as soon as possible. Further details regarding obtaining and applying fixes can be found in the referenced advisory.

Mandrake has released advisory MDKSA-2003:105 containing fix information for this issue. See the attached advisory for links to fixes.

Conectiva has released advisory CLA-2003:783 to address this issue.

Debian has released an advisory (DSA 401-1) and fixes to address this issue. See the referenced advisory for links to updated packages.

Gentoo has released an advisory that includes fixes to address this issue. Fixes can be applied with the following commands:

emerge --sync
emerge '>=net-misc/hylafax-4.1.8'
emerge clean

Hylafax has also released version 4.1.8 which addresses this issue.


Hylafax Hylafax 4.1

• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz

Hylafax Hylafax 4.1.1

• Debian hylafax-client_4.1.1-3_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_alpha.deb


• Debian hylafax-client_4.1.1-3_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_arm.deb


• Debian hylafax-client_4.1.1-3_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_hppa.deb


• Debian hylafax-client_4.1.1-3_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_i386.deb


• Debian hylafax-client_4.1.1-3_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_ia64.deb


• Debian hylafax-client_4.1.1-3_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_m68k.deb


• Debian hylafax-client_4.1.1-3_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_powerpc.deb


• Debian hylafax-client_4.1.1-3_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_s390.deb


• Debian hylafax-client_4.1.1-3_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_ 4.1.1-3_sparc.deb


• Debian hylafax-doc_4.1.1-3_all.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1 .1-3_all.deb


• Debian hylafax-server_4.1.1-3_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_alpha.deb


• Debian hylafax-server_4.1.1-3_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_arm.deb


• Debian hylafax-server_4.1.1-3_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_hppa.deb


• Debian hylafax-server_4.1.1-3_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_i386.deb


• Debian hylafax-server_4.1.1-3_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_ia64.deb


• Debian hylafax-server_4.1.1-3_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_m68k.deb


• Debian hylafax-server_4.1.1-3_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_powerpc.deb


• Debian hylafax-server_4.1.1-3_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_s390.deb


• Debian hylafax-server_4.1.1-3_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_ 4.1.1-3_sparc.deb


• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz

Hylafax Hylafax 4.1.2

• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz

Hylafax Hylafax 4.1.3

• Conectiva hylafax-4.1.3-19097U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/hylafax-4.1.3-19097U90_1cl. i386.rpm


• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz


• Mandrake hylafax-4.1.3-5.1.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-4.1.3-5.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-client-4.1.3-5.1.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-client-4.1.3-5.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-client-4.1.3-5.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-server-4.1.3-5.1.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-server-4.1.3-5.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-server-4.1.3-5.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-4.1.3-5.1.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-4.1.3-5.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-devel-4.1.3-5.1.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-devel-4.1.3-5.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.linux-mandrake.com/en/ftp.php3

Hylafax Hylafax 4.1.5

• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz


• Mandrake hylafax-4.1.5-1.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-client-4.1.5-1.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-server-4.1.5-1.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-4.1.5-1.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-devel-4.1.5-1.1.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.linux-mandrake.com/en/ftp.php3

Hylafax Hylafax 4.1.6

• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz


• Mandrake hylafax-4.1.6-3.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-client-4.1.6-3.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake hylafax-server-4.1.6-3.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-4.1.6-3.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake libhylafax4.1.1-devel-4.1.6-3.1.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.linux-mandrake.com/en/ftp.php3

Hylafax Hylafax 4.1.7

• Hylafax hylafax-4.1.8.tar.gz
  ftp://ftp.hylafax.org/source/hylafax-4.1.8.tar.gz