Bugtraq mailing list archives

Re: HP-UX finger possible security hole

From: hofmann () WPAX01 PHYSIK UNI-WUERZBURG DE (hofmann () WPAX01 PHYSIK UNI-WUERZBURG DE)
Date: Wed, 27 May 1998 11:44:25 +0200


Verified this on HP/UX 10.20 (B.10.20 A 9000/778).

The string length limit actually is 80 chars. 81 will cause segfault.
Interestingly, finger only prints 48 chars of the given username. But
it does not crash until the string is longer than 80 chars.

Bye,
Frank Hofmann

Current thread:

HP-UX finger possible security hole dauphin Robert (May 25)
- <Possible follow-ups>
- Re: HP-UX finger possible security hole Walter Misar (May 26)
- Re: HP-UX finger possible security hole hofmann () WPAX01 PHYSIK UNI-WUERZBURG DE (May 27)
- Re: HP-UX finger possible security hole Nicholas Rutterford (May 29)