Hylafax Hostname Format String Vulnerability

Hylafax is a software package designed to handle the transmission of faxes.

A problem has been discovered in Hylafax. A format string vulnerability makes it possible for users to potentially execute arbitrary code on some implementations. Due to the insufficient checking of input, it's possible to execute a format string attack. This only affects systems with the faxrm and faxalter programs installed setuid.

This makes it possible for a local user to gain elevated privileges, and potentially administrative access.


Privacy Statement
Copyright 2010, SecurityFocus