
[linux-security] cfingerd remote root exploit



Topic
=====
remote root exploit in cfingerd

Problem Description
===================
cfingerd has bugs in its logging code. By combining these with an off-by-one
error in the code that copied the username from an ident response, cfingerd
could be exploited by a remote user. Since cfingerd does not drop its root
privileges until after it has determined which user to finger, an attacker
can gain root privileges.
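
An added example, not cfingerd's own code: a bounded copy of the user-id
field from an RFC 1413 ident reply, the kind of copy in which the off-by-one
described above occurred. The function name, buffer size and sample reply are
constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy the user-id field of an RFC 1413 reply, e.g.
 *   "6193, 23 : USERID : UNIX : stjohns\r\n"
 * into out[outsz]. Returns the bytes stored (excluding the NUL),
 * or -1 for an ERROR or malformed reply. Over-long names are truncated. */
int ident_username(const char *reply, char *out, size_t outsz)
{
    const char *p;
    size_t len, i;

    if (!reply || !out || outsz == 0)
        return -1;
    out[0] = '\0';

    /* The second field must be USERID (the alternative is ERROR). */
    if ((p = strchr(reply, ':')) == NULL)
        return -1;
    p++;
    p += strspn(p, " \t");
    if (strncmp(p, "USERID", 6) != 0)
        return -1;

    /* Skip the opsys field: the user-id follows the third colon. */
    if ((p = strchr(p, ':')) == NULL || (p = strchr(p + 1, ':')) == NULL)
        return -1;
    p++;
    p += strspn(p, " \t");          /* simplification: drop leading blanks */

    /* The bound is outsz - 1, never outsz: the last byte belongs to the
     * terminator. Clamping to outsz would put the NUL one byte past out[]. */
    len = strcspn(p, "\r\n");
    if (len > outsz - 1)
        len = outsz - 1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        /* Remote-controlled bytes: neutralise non-printables before logging. */
        out[i] = (c < 0x20 || c > 0x7e) ? '?' : (char)c;
    }
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char user[8];   /* constructed size, deliberately small */
    int n = ident_username("6193, 23 : USERID : UNIX : ABCDEFGH\r\n", user, sizeof user);
    printf("%d %s\n", n, user);
    return 0;
}
```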

Affected Systems
================
Systems that use cfingerd: Debian

Workaround (recommended!)
=========================
Do not run cfingerd or any finger daemon for that matter.
Comment out the corresponding line in /etc/inetd.conf and
"kill -HUP <pid of inetd>".

Solution
========
Debian 2.2 (potato)
-------------------
update to cfingerd_1.4.1-1.1_i386.deb