efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message.
http://www.securityfocus.com/bid/3895
http://www.iss.net/security_center/static/7921.php