[17051] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [sa2c@and.or.jp: bin/21704: enabling fingerd makes files

daemon@ATHENA.MIT.EDU (Warner Losh)
Wed Oct 4 16:11:32 2000

Message-Id:  <200010041736.LAA37874@harmony.village.org>
Date:         Wed, 4 Oct 2000 11:36:40 -0600
Reply-To: Warner Losh <imp@VILLAGE.ORG>
From: Warner Losh <imp@VILLAGE.ORG>
X-To:         Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Tue, 03 Oct 2000 20:18:12 +0200." 
              <20001003201812.K6009@riget.scene.pl>

In message <20001003201812.K6009@riget.scene.pl> Przemyslaw Frasunek writes:
: BTW. Problem persists only in 4.x branch. Of course, it allows also
: to traverse directory structures:

The problem was fixed in the 4.x branch:

revision 1.15.2.4
date: 2000/10/02 22:28:46;  author: brian;  state: Exp;  lines: +11 -1
MFC: Don't allow finger /somefile, only allow filname expansions from
     inside /etc/finger.conf

Warner


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[17051] in bugtraq

Re: [sa2c@and.or.jp: bin/21704: enabling fingerd makes files

daemon@ATHENA.MIT.EDU (Warner Losh)Wed Oct 4 16:11:32 2000

daemon@ATHENA.MIT.EDU (Warner Losh)
Wed Oct 4 16:11:32 2000