Hylafax hfaxd Local Format String Vulnerability

HylaFAX is a telecommunication system for UNIX systems. HylaFAX includes a server that can receive requests to send facsimiles from authorized hosts over a network.

The server binary, hfaxd, is installed setuid root by default and executable by everyone. 'hfaxd' contains a likely exploitable format string vulnerability involving the use of syslog().

Since 'hfaxd' is installed setuid root and executable by everybody, successful exploitation would provide root access to an attacker.
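The bug class described above, as an added example (not hfaxd's code and not from the advisory): it assumes the usual form of a syslog() format string bug, where caller-controlled text is passed as the format argument. The names count_directives, expand, log_unsafe, log_safe and safe_path_is_verbatim are hypothetical, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Count printf-style conversion directives in untrusted text ("%%" is a
 * literal percent sign). Non-zero means the text would be interpreted,
 * not just printed, if it were ever used as a format string. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0') n++;
    }
    return n;
}

/* Stand-in for syslog()'s formatting step: expands fmt into buf so the
 * result can be inspected (assumption: syslog() formats printf-style). */
static void expand(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, len, fmt, ap);
    va_end(ap);
}

#ifdef SHOW_VULNERABLE_PATTERN
/* Vulnerable: caller-controlled text is passed as the format argument. */
void log_unsafe(const char *text) { syslog(LOG_ERR, text); }
#endif
/* Hardened: constant format; caller-controlled text is data only. */
void log_safe(const char *text) { syslog(LOG_ERR, "%s", text); }

/* Returns 1 if text survives the hardened formatting path byte for byte. */
int safe_path_is_verbatim(const char *text)
{
    char buf[256];
    expand(buf, sizeof buf, "%s", text);
    return strcmp(buf, text) == 0;
}

int main(void)
{
    const char *sample = "client said: %x.%x.%x";   /* constructed input */
    printf("directives=%d verbatim=%d\n",
           count_directives(sample), safe_path_is_verbatim(sample));
    log_safe(sample);
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the `log_unsafe` call form at compile time.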


 

Copyright 2010, SecurityFocus