[6845] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: HP-UX finger possible security hole

daemon@ATHENA.MIT.EDU (hofmann@WPAX01.PHYSIK.UNI-WUERZBUR)
Thu May 28 14:05:11 1998

Date: 	Wed, 27 May 1998 11:44:25 +0200
Reply-To: hofmann@WPAX01.PHYSIK.UNI-WUERZBURG.DE
From: hofmann@WPAX01.PHYSIK.UNI-WUERZBURG.DE
To: BUGTRAQ@NETSPACE.ORG

Verified this on HP/UX 10.20 (B.10.20 A 9000/778).

The string length limit actually is 80 chars. 81 will cause segfault.
Interestingly, finger only prints 48 chars of the given username. But
it does not crash until the string is longer than 80 chars.

Bye,
Frank Hofmann


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6845] in bugtraq

Re: HP-UX finger possible security hole

daemon@ATHENA.MIT.EDU (hofmann@WPAX01.PHYSIK.UNI-WUERZBUR)Thu May 28 14:05:11 1998

daemon@ATHENA.MIT.EDU (hofmann@WPAX01.PHYSIK.UNI-WUERZBUR)
Thu May 28 14:05:11 1998