[154] in linux-security and linux-alert archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: finger @ bug

daemon@ATHENA.MIT.EDU (Daniel Hollis)
Mon Mar 13 17:44:55 1995

From: dhollis@hq.jcic.org (Daniel Hollis)
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 13 Mar 1995 12:25:32 -0800 (PST)
In-Reply-To:  <9503131458.aa06647@ci3ux.ci.pwr.wroc.pl> from "Marek Michalkiewicz" at Mar 13, 95 02:58:31 pm
Reply-To: linux-security@tarsier.cv.nrao.edu

> in.fingerd has a bug which allows "recursive" fingering.  For example:
> 
> finger user@host.other.domain@host.domain
> 
> I have sent a patch for this to Florian.  You can get fixed in.fingerd
> source from ftp://ftp.ists.pwr.wroc.pl/pub/linux/bugfixes/fingerd.tar.gz
> or wait for a new NetKit-B release.

This has been known for a *long* time. Almost a year. The patches have 
already been available on sunsite for ages. The solution is to run a 
patched in.fingerd, or a different fingerd altogether, like cfingerd.

-Dan


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[154] in linux-security and linux-alert archive

Re: finger @ bug

daemon@ATHENA.MIT.EDU (Daniel Hollis)Mon Mar 13 17:44:55 1995

daemon@ATHENA.MIT.EDU (Daniel Hollis)
Mon Mar 13 17:44:55 1995