[4040] in bugtraq
buffer overflow in configurable fingerd?
daemon@ATHENA.MIT.EDU (M Shariful Anam)
Wed Feb 12 16:06:52 1997
Date: Thu, 13 Feb 1997 00:39:44 +0600
Reply-To: M Shariful Anam <shuman@ANNEXGRP.ORG>
From: M Shariful Anam <shuman@ANNEXGRP.ORG>
To: BUGTRAQ@netspace.org
Hi,
While playing around with Ken Hollis's cfingerd 1.2.3 on Linux, I found
out there are one or more chances of buffer overflow when reading its
config file, /etc/cfingerd.conf.
Some strings are probably copied to variables without checking the length.
In those situations, doing any finger from anywhere (remote/local) to the
machine causes a SIGSEGV. Now, the potential problem is, cfingerd is
recommended to be run as root from inetd.conf by the author. So I think
there might be a chance of getting a root exploit here on the machines
running cfingerd 1.2.3.
Also note that it has another program, userlist, which simply lists the
users logged in, and is installed as rws--S--- root.root by default, when
those setuid/setgid bits are not needed at all!
---
M Shariful Anam <shuman@kaifnet.com>
Kaifnet Services -- Bangladesh
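The defect the post describes is a config value copied into a fixed-size field with no length check. Below is the bounded form of such a config-line parser, as an added example in C; it is not cfingerd's code, and the field names, their sizes and the "KEY = value" line format are assumptions for illustration.

```c
#include <string.h>
#include <ctype.h>

/* Added example, not cfingerd's code: struct layout, field sizes and the
 * "KEY = value" line format are assumptions for illustration. */
#define VALUE_MAX 64

struct finger_conf {
    char banner[VALUE_MAX];
    char nouser_msg[VALUE_MAX];
};

/* The report's bug pattern is strcpy(field, value) with no bound, so an
 * over-long line in the config file overruns the field (SIGSEGV, or
 * worse when the daemon runs as root). This version refuses values that
 * do not fit, copies with an explicit bound, and always NUL-terminates.
 * Returns 0 on success, -1 if the value is too long. */
static int copy_value_checked(char *field, size_t field_len, const char *value)
{
    size_t n = strcspn(value, "\r\n");   /* drop trailing line ending */
    if (n >= field_len)
        return -1;                        /* reject, never truncate silently */
    memcpy(field, value, n);
    field[n] = '\0';
    return 0;
}

/* Parse one "KEY = value" line into conf. Returns 0 if stored, -1 if the
 * line is malformed, the key is unknown, or the value is too long. */
int parse_config_line(struct finger_conf *conf, const char *line)
{
    char key[32];
    const char *eq = strchr(line, '=');
    if (eq == NULL)
        return -1;
    size_t klen = (size_t)(eq - line);
    while (klen > 0 && isspace((unsigned char)line[klen - 1]))
        klen--;                           /* trim spaces before '=' */
    if (klen == 0 || klen >= sizeof key)
        return -1;                        /* key is bounded too */
    memcpy(key, line, klen);
    key[klen] = '\0';
    const char *value = eq + 1;
    while (*value == ' ' || *value == '\t')
        value++;                          /* skip spaces after '=' */
    if (strcmp(key, "BANNER") == 0)
        return copy_value_checked(conf->banner, sizeof conf->banner, value);
    if (strcmp(key, "NOUSER") == 0)
        return copy_value_checked(conf->nouser_msg, sizeof conf->nouser_msg, value);
    return -1;                            /* unknown key */
}
```

A value longer than the field is reported as an error and the field is left untouched, which is the behaviour to look for when auditing a config reader that runs with privileges.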