hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote malicious users to gain privileges.
ifax solutions hylafax 4.2.3