EFax Arbitrary File Reading Vulnerability
efax is an easy-to-use fax utility that ships with a number of Linux distributions. efax also ships with the KDE desktop. The -d command line switch may be used to read files as the EUID of efax. In cases where efax is installed setuid root, it is possible that a local attacker may use this option to read arbitrary root-owned files.

efax is not installed setuid root in most circumstances. However, it may be installed setuid root when built from scratch by a user. This is known to be the case with the version of efax that ships with the kde-2.2.1 source build and install as part of the klprfax application in the kdeutils package. The issue of efax being installed setuid root has apparently been remedied in the kde-2.2.2 source build. This does not discount the possibility of other instances where efax is installed with setuid root privileges.
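
A check for the condition described above, as an added example that is not part of the original advisory: it searches the given directories for an efax binary with the setuid bit set and reports whether root owns it. The function name `audit_efax` and the directories passed to it are assumptions; use the install prefixes present on the system being audited.

```shell
#!/bin/sh
# Added example (not from the advisory): find efax binaries that carry the
# setuid bit, which is the precondition for the -d file-read issue.

# audit_efax DIR...
# Prints one line per finding: "<class> <owner-uid> <path>"
#   setuid-root   efax runs with EUID 0 (the exposure the advisory describes)
#   setuid-other  setuid bit set, but the owner is not root
# Returns 1 if at least one setuid-root efax was found, 0 otherwise.
audit_efax() {
    rc=0
    for dir in "$@"; do
        # Skip prefixes that do not exist on this host.
        [ -d "$dir" ] || continue
        while IFS= read -r path; do
            [ -n "$path" ] || continue
            # Third field of `ls -ldn` is the numeric owner UID.
            uid=$(ls -ldn "$path" | awk '{print $3}')
            if [ "$uid" = "0" ]; then
                echo "setuid-root $uid $path"
                rc=1
            else
                echo "setuid-other $uid $path"
            fi
        done <<EOF
$(find "$dir" -type f -name efax -perm -4000 2>/dev/null)
EOF
    done
    return $rc
}

# When run as a script, audit the directories given on the command line,
# e.g.:  sh audit_efax.sh /usr/bin /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_efax "$@"
fi
```

On a reported path where efax does not need elevated privileges, `chmod u-s` removes the setuid bit.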