CVE-2003-0886

Hylafax <= 4.1.7 - Remote Code Execution via Format String Vulnerability

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0886. PoCs published by Sebastian Krahmer.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in Hylafax hfaxd to achieve remote code execution as root. It uses a chroot-breaking shellcode that mounts the proc filesystem, modifies the modprobe path, and triggers a back-connecting shell.

Description

Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sebastian Krahmer · cremotelinux
https://www.exploit-db.com/exploits/23371

This exploit leverages a format string vulnerability in Hylafax hfaxd to achieve remote code execution as root. It uses a chroot-breaking shellcode that mounts the proc filesystem, modifies the modprobe path, and triggers a back-connecting shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Hylafax hfaxd (version 4.1.5-43)
No auth needed
Prerequisites: ServerTracing level set to at least 0x002 in hfaxd.conf · Network access to the Hylafax service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-401
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106858898708752&w=2
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2003_045_hylafax.html
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:105

Scores

EPSS 0.1206
EPSS Percentile 95.6%

Details

Status published
Products (7)
hylafax/hylafax 4.1
hylafax/hylafax 4.1.1
hylafax/hylafax 4.1.2
hylafax/hylafax 4.1.3
hylafax/hylafax 4.1.5
hylafax/hylafax 4.1.6
hylafax/hylafax 4.1.7
Published Dec 01, 2003
Tracked Since Feb 18, 2026