Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Cfingerd vulnerability

Cfingerd vulnerability

by platon on July 13th, 2001 Steven van Acker reported on bugtraq that the version of cfingerd (a configurable finger daemon) as distributed in Debian GNU/Linux 2.2 suffers from two problems.


1. The code that reads configuration files (files in which $ commands are
expanded) copied its input to a buffer without checking for a buffer
overflow. When the ALLOW_LINE_PARSING feature is enabled that
code is used for reading users files as well, so local users could exploit
this.



2. There also was a printf call in the same routine that did not protect
against printf format attacks.



Since ALLOW_LINE_PARSING is enabled in the default /etc/cfingerd.conf
local users could use this to gain root access.



This has been fixed in version 1.4.1-1.2, and we recommend that you upgrade your cfingerd package immediately.



wget url will fetch the file for you

dpkg -i file.deb

will install the referenced file.



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »