[11367] in bugtraq
Re: Severe bug in cfingerd before 1.4.0
daemon@ATHENA.MIT.EDU (Martin Schulze)
Fri Aug 13 18:00:10 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990812120025.U27123@finlandia.infodrom.north.de>
Date: Thu, 12 Aug 1999 12:00:25 +0200
Reply-To: Martin Schulze <joey@infodrom.north.de>
From: Martin Schulze <joey@FINLANDIA.INFODROM.NORTH.DE>
X-To: schake@cs.sandia.gov
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.SUN.3.93.990811093938.8901B-100000@tesuque.cs.sandia.gov>;
from Stefan Chakerian on Wed, Aug 11, 1999 at 09:46:58AM -0600
Stefan Chakerian wrote:
> On Tue, 10 Aug 1999, Martin Schulze wrote:
> > A serious bug in cfingerd before version 1.4.0 has been reported.
> > It is present in all versions of cfingerd from 1.2.0 up to any
> > version of 1.3.2. If configured accordingly this bug enables any
> > local user to execute random programs with root priviledges.
>
> Cool, you can execute RANDOM programs as root? Is that kind of like
Hmm, that should read arbitrary, sorry for my poor English. It's not
my native language.
Regards,
Joey
--
The MS-DOS filesystem is nice for removable media. -- H. Peter Anvin
