From: Waldo Bastian <firstname.lastname@example.org>
To: email@example.com, firstname.lastname@example.org, email@example.com
Subject: SECURITY: efax
Date: 09 Nov 2001 17:36:58 -0800
The program "efax" which is distributed as part of the klprfax program in the
kdeutils module poses a security risk when installed suid. "efax" has been
part of KDE 2.2 and KDE 2.2.1 and is installed suid by default.
Scope: a local user can gain root privileges by exploiting a bug in "efax".
Solution: Remove the suid bit from the "efax" executable. This can be done
with the following command:
chmod -s `locate bin/efax`
"efax" will continue to work as before as long as users have sufficient rights
to create lock files in the system lock directory (like /var/lock) and
sufficient rights to open the modem device.
firstname.lastname@example.org | SuSE Labs KDE Developer | email@example.com
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.