Bugtraq mailing list archives
Re: cfingerd vulnerability
From: mstone () ITRI LOYOLA EDU (Michael Stone)
Date: Sun, 25 May 1997 16:16:39 -0400
Quoting Edward S. Marshall (emarshal () COMMON NET):
Also, I've heard various reports of cfingerd having security problems in the past. Has anyone considered sitting down with it and doing a complete security audit? It's a nice tool to have, but if it's insecure, it presents a problem. I'm mainly concerned with buffer overruns and other similar problems, since it does require that you run it as root.
There's a patch on sunsite to make cfingerd not run as root; I haven't tried it myself, so I don't know if it's any good. You might give it a shot, though... http://sunsite.unc.edu/pub/Linux/system/network/finger/ Mike Stone
Current thread:
- Re: OOB Bug stills persists after hot fix, (continued)
- Re: OOB Bug stills persists after hot fix Ervin Fried (May 20)
- Re: OOB Bug stills persists after hot fix Ervin Fried (May 22)
- New M$ TCP/IP bug found.... got the NT Blue's yet? Kelly E. Gibbs (May 22)
- PMDF sendmail vulnerability Jonathan Rozes (May 23)
- Update to Windows 95 TCP/IP to Address Out-of-Band Issue Aleph One (May 23)
- [WinNT] Post-SP3 Hotfix Avail for Macintosh OOB DOS Attack Sam Schlansky (May 23)
- cfingerd vulnerability Rodrigo Barbosa (May 23)
- Re: cfingerd vulnerability Edward S. Marshall (May 24)
- Re: cfingerd vulnerability Ken Hollis (May 24)
- Re: cfingerd vulnerability Alan Brown (May 25)
- Re: cfingerd vulnerability Michael Stone (May 25)
- winnuke in one line of perl5.004 Randal Schwartz (May 25)
- Re: cfingerd vulnerability Felix von Leitner (May 25)
- Irix buffer overflow in /bin/df David Hedley (May 24)
- Re: Irix buffer overflow in /bin/df J.A. Gutierrez (May 24)
- Irix: Pandora's box opened Yuri Volobuev (May 24)
- BitchX p139 script the lerPer (May 24)
- ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linux) Silvio Cesare (May 25)
- Re: ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linu Byron COLLIE (May 26)
- ANNOUNCE: riputils (Linux) Silvio Cesare (May 25)
- Re: Irix buffer overflow in /bin/df Lamont Granquist (May 28)