[11375] in bugtraq
[SECURITY] New versions of cfingerd fixes root exploit
daemon@ATHENA.MIT.EDU (Aleph One)
Mon Aug 16 17:06:16 1999
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="AjmyJqqohANyBN/e"; micalg=pgp-md5;
protocol="application/pgp-signature"
Message-Id: <"5glVxC.A.2d.6CXt3"@murphy>
Date: Sat, 14 Aug 1999 12:08:08 -0700
Reply-To: security@debian.org
From: Aleph One <aleph1@UNDERGROUND.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
--AjmyJqqohANyBN/e
Content-Type: text/plain; charset=us-ascii
We have received a report that the all versions of cfingerd prior to
1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on
bugtraq.
We recommend you upgrade your cfingerd package immediately or disable
ALLOW_EXECUTION. The latter is turned off in the default Debian
configuration.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
-------------------------------
Source archives:
ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1.diff.gz
MD5 checksum: 01f1f08cb22716f3188370bb827557e4
ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1.dsc
MD5 checksum: 8fd375da499ec3e0198981a97c11d5fe
Sun Sparc architecture:
ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_sparc.deb
MD5 checksum: 7edc36abd55c18c0c8f9e90837ab15cb
Intel architecture:
ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_i386.deb
MD5 checksum: 515bdcc9e579ce8b886341658bacaefd
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_m68k.deb
MD5 checksum: ec6f1388f5a7b407637aabc4de29a0c5
Alpha architecture:
ftp://ftp.debian.org/debian/dists/slink-proposed-updates/cfingerd_1.3.2-18.1_alpha.deb
MD5 checksum: 97123d5b5eed85c74788d0c35c20b03b
Debian GNU/Linux unstable alias potato
--------------------------------------
Source archives:
ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cfingerd_1.4.0-1.diff.gz
MD5 checksum: ad4cf97b7c3f679e3b4133320cac769c
ftp://ftp.debian.org/debian/dists/unstable/main/source/net/cfingerd_1.4.0-1.dsc
MD5 checksum: c5b5448968db444ee70075087e35a294
Sun Sparc architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/net/cfingerd_1.4.0-1.deb
MD5 checksum: 8aa7fd61b8db6f76cb8120df3082a54e
Intel ia32 architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/cfingerd_1.4.0-1.deb
MD5 checksum: a33ea81eb429c7b734a2769685c1131a
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/net/cfingerd_1.4.0-1.deb
MD5 checksum: 09b035f723bb9dd831e7d3a23f80f2f7
Alpha architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/net/cfingerd_1.4.0-1.deb
MD5 checksum: a3ecf841a966487fa888a6b4e9f92bc7
PowerPC architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/net/cfingerd_1.4.0-1.deb
MD5 checksum: 011da6d4cacaaf78304559606ff2f05e
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
--AjmyJqqohANyBN/e
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBN7VwqhRNm5Suj3z1AQFYgAP/WLS7/iONV2u3/yOr3op8ttSBJLsSEW+B
F3OE6BOYUWctXmphEz2jU0u6kE3meFiPuoW5vPLb7RfYTYl+2fERISohElj9mS/8
3uyZsykEScLgD+tv0Ryo5ryXqqUgfx4Z+pH3kNU9y7EAabNKAqSIOdtsoMkWs8OF
vxttmTzB1gA=
=d26F
-----END PGP SIGNATURE-----
--AjmyJqqohANyBN/e--
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
