[21472] in bugtraq
Re: Another exploit for cfingerd <= 1.4.3-8
daemon@ATHENA.MIT.EDU (Phil Stracchino)
Thu Jul 12 03:04:01 2001
Date: Wed, 11 Jul 2001 17:06:21 -0700
From: Phil Stracchino <alaric@babcom.com>
To: teleh0r <teleh0r@digit-labs.org>
Cc: BUGTRAQ@securityfocus.com
Message-ID: <20010711170621.A2230@babylon5.babcom.com>
Mail-Followup-To: teleh0r <teleh0r@digit-labs.org>,
BUGTRAQ@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <01071120191900.00788@localhost.localdomain>; from teleh0r@digit-labs.org on Wed, Jul 11, 2001 at 08:19:19PM +0200
On Wed, Jul 11, 2001 at 08:19:19PM +0200, teleh0r wrote:
> This is another exploit for the flaw found by Steven Van Acker.
> http://www.securityfocus.com/archive/1/192844
<snip>
> Tested against cfingerd 1.4.3-8.
Does anyone know whether cfingerd is actually being maintained any more,
or whether it has been abandoned? The authors appear unresponsive, and no
"official" patch has been released that I am aware of. The one unofficial
patch I've seen is incomplete, and does not declare the additional
variables it uses.
--
Linux Now! ..........Because friends don't let friends use Microsoft.
phil stracchino -- the renaissance man -- mystic zen biker geek
alaric@babcom.com halmayne@sourceforge.net
2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
