Bugtraq mailing list archives
Re: cfingerd vulnerability
From: leitner () MATH FU-BERLIN DE (Felix von Leitner)
Date: Mon, 26 May 1997 02:51:57 +0200
Thus spake Rodrigo Barbosa (rodrigob () MORCEGO LINKWAY COM BR):
Hello, i don't know if it has been noticed before, but cfingerd installs, by default, a search service. You can use it as: finger search.username@host Thats ok, but you can use keymasks. And if you do: finger search.*@host you can get a list of all the users in the system. I've tried it if cfinger 1.2.2 (probably it is not the latest version).
May I point to my ffingerd which was written to get rid of this kind of problem with finger daemons? ftp://ftp.fu-berlin.de/pub/unix/security/ffingerd/ Even comes with ./configure for easy installation. Felix -- Fire, water and government know nothing of mercy. --Albanian Proverb
Current thread:
- New M$ TCP/IP bug found.... got the NT Blue's yet?, (continued)
- New M$ TCP/IP bug found.... got the NT Blue's yet? Kelly E. Gibbs (May 22)
- PMDF sendmail vulnerability Jonathan Rozes (May 23)
- Update to Windows 95 TCP/IP to Address Out-of-Band Issue Aleph One (May 23)
- [WinNT] Post-SP3 Hotfix Avail for Macintosh OOB DOS Attack Sam Schlansky (May 23)
- cfingerd vulnerability Rodrigo Barbosa (May 23)
- Re: cfingerd vulnerability Edward S. Marshall (May 24)
- Re: cfingerd vulnerability Ken Hollis (May 24)
- Re: cfingerd vulnerability Alan Brown (May 25)
- Re: cfingerd vulnerability Michael Stone (May 25)
- winnuke in one line of perl5.004 Randal Schwartz (May 25)
- Re: cfingerd vulnerability Felix von Leitner (May 25)
- Irix buffer overflow in /bin/df David Hedley (May 24)
- Re: Irix buffer overflow in /bin/df J.A. Gutierrez (May 24)
- Irix: Pandora's box opened Yuri Volobuev (May 24)
- BitchX p139 script the lerPer (May 24)
- ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linux) Silvio Cesare (May 25)
- Re: ANNOUNCE: chkwtmp, a wtmp intrusion detection anaylzer (Linu Byron COLLIE (May 26)
- ANNOUNCE: riputils (Linux) Silvio Cesare (May 25)
- Re: Irix buffer overflow in /bin/df Lamont Granquist (May 28)