April 20, 2001

Security advisory for HylaFAX

Author: JT Smith

From LWN.net: The HylaFax program hfaxd(8c) implements the server part of the
HylaFax package. It is started either by inetd(8) or runs in
standalone mode. hfaxd(8c) offers three different protocols to
process fax jobs.
When hfaxd(8c) tries to change to its queue directory and fails,
it prints an error message via syslog by directly passing user-supplied
data as format string. As long as hfaxd(8c) is installed
setuid root, this behavior could be exploited to gain root access.
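
The bug class described above, shown next to its fix. This is an added example, not HylaFAX source code: the function names are hypothetical, capture_log() is a stand-in for syslog(3) that writes to a buffer so the result can be checked, and the directory name is constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for syslog(3) (assumption: same printf-style contract) that
 * formats into a buffer so the logged text can be inspected. The format
 * attribute lets GCC/Clang flag non-literal formats (-Wformat-security). */
static char last_log[256];

__attribute__((format(printf, 1, 2)))
static void capture_log(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

#ifdef SHOW_VULNERABLE
/* Pattern from the advisory: the message contains user-supplied data and
 * is itself used as the format string, so any '%' in it is interpreted.
 * Compiled only on request so the default build stays warning-free. */
const char *log_chdir_failure_unsafe(const char *user_dir)
{
    char msg[200];
    snprintf(msg, sizeof msg, "cannot chdir to %s", user_dir);
    capture_log(msg);               /* BAD: data in the format position */
    return last_log;
}
#endif

/* Hardened form: constant format string, user data only as an argument. */
const char *log_chdir_failure(const char *user_dir)
{
    capture_log("cannot chdir to %s", user_dir);
    return last_log;
}

int main(void)
{
    /* Constructed input: a directory name containing conversion specifiers. */
    puts(log_chdir_failure("/var/spool/%x.%x.%s"));
    return 0;
}
```

Building with -DSHOW_VULNERABLE -Wformat-security makes the compiler point at the capture_log(msg) call, which is the same check that catches this pattern in real syslog() callers.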


