Bugtraq mailing list archives
buffer overflow in configurable fingerd?
From: shuman () ANNEXGRP ORG (M Shariful Anam)
Date: Thu, 13 Feb 1997 00:39:44 +0600
Hi,

While playing around with Ken Hollis's cfingerd 1.2.3 on Linux, I found out there is one or more chances of buffer overflow when reading its config file, /etc/cfingerd.conf. Some strings are probably copied to variables without checking the length. In those situations, doing any finger from anywhere (remote/local) to the machine causes a SIGSEGV.

Now, the potential problem is, cfingerd is recommended to be run as root from inetd.conf by the Author. So I think there might be a chance of getting a root exploit here on the machines running cfingerd 1.2.3.

Also note that it has another program, userlist, which simply lists the users logged in, and is installed as rws--S--- root.root by default, when those setu/gid bits are not needed at all!

---
M Shariful Anam <shuman () kaifnet com>
Kaifnet Services -- Bangladesh
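The defect class reported above, a config value copied into a fixed-size variable without a length check, is avoided by a reader like the following. This is an added example, not part of the original post and not cfingerd's code; the key name `PLAN_FILE`, the 32-byte field size and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32  /* assumed size of one fixed config field */

enum { CFG_OK = 0, CFG_SYNTAX = -1, CFG_TOO_LONG = -2 };

static const char *skip_ws(const char *p)
{
    while (*p == ' ' || *p == '\t') p++;
    return p;
}

/* Parse "KEY = value" into dst. The unsafe pattern is strcpy(dst, value):
 * it writes past dst whenever the file holds a longer value. Here an
 * overlong value is rejected, not copied and not silently truncated. */
int cfg_read_value(const char *line, const char *key, char *dst, size_t dstlen)
{
    size_t klen = strlen(key), vlen;
    const char *p = skip_ws(line);

    if (dstlen == 0) return CFG_SYNTAX;
    dst[0] = '\0';
    if (strncmp(p, key, klen) != 0) return CFG_SYNTAX;
    p = skip_ws(p + klen);
    if (*p != '=') return CFG_SYNTAX;
    p = skip_ws(p + 1);

    vlen = strcspn(p, "\r\n");                 /* value ends at end of line */
    while (vlen > 0 && (p[vlen - 1] == ' ' || p[vlen - 1] == '\t')) vlen--;
    if (vlen >= dstlen) return CFG_TOO_LONG;   /* need room for the NUL */
    memcpy(dst, p, vlen);
    dst[vlen] = '\0';
    return CFG_OK;
}

int main(void)
{
    char field[FIELD_MAX], line[256] = "PLAN_FILE = ";  /* constructed input */
    int rc = cfg_read_value("PLAN_FILE = .plan\n", "PLAN_FILE", field, sizeof field);
    printf("normal line: rc=%d value=\"%s\"\n", rc, field);

    memset(line + 12, 'A', 200);               /* 200-byte value, far over FIELD_MAX */
    line[212] = '\0';
    rc = cfg_read_value(line, "PLAN_FILE", field, sizeof field);
    printf("overlong line: rc=%d (daemon should refuse to start)\n", rc);
    return 0;
}
```

Returning a distinct error for an overlong value lets a daemon started from inetd log the bad line and exit instead of running with a truncated setting.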