HylaFAX faxgetty TSI Format String DoS

2002-07-29T23:14:19
ID OSVDB:5002
Type osvdb
Reporter Christer Oberg()
Modified 2002-07-29T23:14:19

Description

Vulnerability Description

HylaFAX faxgetty contains a flaw that may allow a remote denial of service. The issue is triggered when format string occurs via the TSI data element, which may allow for an attacker to casue the service to stop responding and or execute arbitrary code on the targeted host.

Solution Description

Upgrade to version 4.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

HylaFAX faxgetty contains a flaw that may allow a remote denial of service. The issue is triggered when format string occurs via the TSI data element, which may allow for an attacker to casue the service to stop responding and or execute arbitrary code on the targeted host.

References:

Vendor URL: http://www.hylafax.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html ISS X-Force ID: 9728 CVE-2002-1049 Bugtraq ID: 5348