[11341] in bugtraq


New cfingerd 1.4.0 - Configurable Finger Daemon

daemon@ATHENA.MIT.EDU (Martin Schulze)
Tue Aug 10 23:44:41 1999

Mime-Version: 1.0
Content-Type: multipart/signed; boundary=DKU6Jbt7q3WqK7+M; micalg=pgp-md5;
              protocol="application/pgp-signature"
Message-Id:  <19990810204754.F10498@finlandia.infodrom.north.de>
Date:         Tue, 10 Aug 1999 20:47:54 +0200
Reply-To: Martin Schulze <joey@infodrom.north.de>
From: Martin Schulze <joey@FINLANDIA.INFODROM.NORTH.DE>
X-To:         Bugtraq <bugtraq@NETSPACE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM

After several years of development I'm happy to present a new version
of the configurable finger daemon.  The original author and former
maintainer Ken Hollis has handed over development to me as stated
before.  So this release is authorized.

I feel a need for this second posting because the new release also
addresses old security reports and not just the most recent one.  This
release fixes all security problems that have been reported to bugtraq
before.  I've gone to the archive of bugtraq and found some reports
that weren't ever addressed officially but only locally on some
systems.

I've created a security web page on which I have listed these reports.
Please find them at http://www.Infodrom.North.DE/cfingerd/security.html .


Addressed security reports include:

 . Don't allow userlist through search.* [May 1997]
 . Don't allow userlist through search.** [May 1997]
 . Buffer overflow in username [July 1999 and before]
 . Root compromise through scripts [August 1998]
 . Possibility to regain root access [August 1999]


Please find the new version of cfingerd at:

  ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/

A general homepage has been created at

  http://www.Infodrom.North.DE/cfingerd/

Regards,

	Joey

-- 
Experience is something you don't get until just after you need it.

Please always Cc to me when replying to me on the lists.
