Mandrake Linux Security Advisory : hylafax (MDKSA-2001:041)
High Nessus Plugin ID 61912
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A problem exists with the HylaFAX program, hfaxd. When hfaxd tries to change its queue directory and fails, it prints an error message via syslog by directly passing user-supplied data as the format string. If hfaxd is installed setuid root, this behaviour can be exploited to gain root access locally. Note that Linux-Mandrake does not ship hfaxd setuid root by default.
Solution
Update the affected hylafax, hylafax-client and / or hylafax-server packages.
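The bug class in the Description, shown as the fixed call shape next to the vulnerable one. This is an added example, not HylaFAX source or part of the advisory; `log_err`, `report_chdir_failure`, the message text and the sample path are hypothetical names and constructed values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical logging wrapper (not HylaFAX code). The format attribute lets
 * gcc/clang check every call site: with -Wformat -Wformat-security, a call
 * such as log_err(buf, n, user_string) is reported at compile time. */
__attribute__((format(printf, 3, 4)))
static int log_err(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);  /* bounded rendering */
    va_end(ap);
    syslog(LOG_ERR, "%s", out);               /* constant format, data as argument */
    return n;                                 /* length the full message needs */
}

/* Vulnerable shape described in the advisory (kept as a comment, never run):
 *     syslog(LOG_ERR, queue_dir);
 * Conversion specifiers inside queue_dir are interpreted by syslog(). */

/* Fixed shape: queue_dir is only ever an argument to a literal format. */
static int report_chdir_failure(char *out, size_t outlen, const char *queue_dir)
{
    return log_err(out, outlen, "cannot change to queue directory %s", queue_dir);
}

int main(void)
{
    char msg[128];
    /* Constructed input containing conversion specifiers. */
    report_chdir_failure(msg, sizeof msg, "/tmp/%x%x%n");
    puts(msg);  /* the specifiers appear verbatim in the message */
    return 0;
}
```

Building with `-Wformat -Wformat-security` turns the commented-out call shape into a compiler diagnostic, which is a cheap check to run over code that logs caller-supplied strings.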