HylaFAX is "a mature (est. 1991) enterprise-class open source software package for sending and receiving facsimiles as well as for sending alpha-numeric pages. It runs on a wide variety of UNIX-like platforms including Linux, BSD (including Mac OS X), SunOS and Solaris, SCO, IRIX, AIX, and HP-UX".
The SuSE Security Team recently audited the HylaFAX daemon (hfaxd) and discovered a remotely exploitable format string vulnerability.
A vulnerable host must have set the 0x002 bit for the ServerTracing configuration parameter. This is not the default setting for the HylaFAX installation, but it is not an uncommon configuration when troubleshooting HylaFAX operation.
The information has been provided by Lee Howard.
* HylaFAX version 4.1.7 and prior
* HylaFAX version 4.1.8
HylaFAX development has released the 4.1.8 patch-level code release which includes the fix for this format string vulnerability as contributed by SuSE. All users are strongly encouraged to upgrade.