Your message dated Sun, 27 Aug 2006 16:03:09 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#384571: hylafax-server: DOS Vulnerabilty, Phone Call
to line modems with voice triggers getty-link which hangs 4E4 blocks
further faxing
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: hylafax-server
Version: 1:4.2.1-5sarge3
Severity: grave
Tags: security
Justification: renders package unusable
Some line modems misinterpret human voice as V.9x, etc, connection
requests. This makes the server spawn getty-link with attach to the
line modem device which locks the device 4E4 even after OnHook.
System cant fax and receive anymore until administrative action is taken
by killing getty-link and so removing device lock.
Then faxgetty recovers and reclaimes device automatically and
faxes can be send and received again.
Affected line modem devices so far:
Old US Robotics Sportster 33.6
y
tom
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (501, 'testing'), (101, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.17-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages hylafax-server depends on:
ii debconf 1.4.30.11 Debian configuration management sy
ii gawk [awk] 1:3.1.4-2 GNU awk, a pattern scanning and pr
ii gs 8.01-5 Transitional package
ii gs-afpl [gs] 8.14-3 The AFPL Ghostscript PostScript in
ii gs-esp [gs] 7.07.1-9 The Ghostscript PostScript interpr
ii gs-gpl [gs] 8.01-5 The GPL Ghostscript PostScript int
ii hylafax-client 1:4.2.1-5sarge3 Flexible client/server fax softwar
ii libc6 2.3.6-7 GNU C Library: Shared libraries
ii libgcc1 1:4.1.1-5 GCC support library
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libstdc++5 1:3.3.6-7 The GNU Standard C++ Library v3
ii libtiff-tools 3.7.2-7 TIFF manipulation and conversion t
ii libtiff4 3.6.1-5 Tag Image File Format library
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii mawk [awk] 1.3.3-11 a pattern scanning and text proces
ii mime-codecs 7.19-2 Fast Quoted-Printable and BASE64 M
ii psmisc 21.5-1 Utilities that use the proc filesy
ii sed 4.1.2-8 The GNU sed stream editor
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- debconf information:
* hylafax-server/configure_note:
hylafax-server/attachment:
hylafax-server/start_now: true
--- End Message ---
--- Begin Message ---
Hi Thomas,
I read the whole report and maybe I misunderstood one point: you are
writing that the default config create the GettArgs option
in /etc/hylafax/config.ttyS?, so you tell that default config would call
getty.
I understand your point, but GettyArgs isn't enought to let hylafax call
getty: it also need the link /etc/hylafax/getty-link.
I might change hylafax in order to don't create the GettyArgs while
configuring the line, but I think this is a good help for users. And
this will not automatically activate the getty program.
I am now closing this bug report, since your problem is solved, and the
configuration done by hylafax does not trigger the problem you pointed
out.
Bye,
Giuseppe
--- End Message ---
