Bugtraq mailing list archives

Re: Another exploit for cfingerd <= 1.4.3-8

From: Phil Stracchino <alaric () babcom com>
Date: Wed, 11 Jul 2001 17:06:21 -0700

On Wed, Jul 11, 2001 at 08:19:19PM +0200, teleh0r wrote:

This is another exploit for the flaw found by Steven Van Acker.
http://www.securityfocus.com/archive/1/192844


<snip>

Tested against cfingerd 1.4.3-8.



Does anyone know whether cfingerd is actually being maintained any more,
or whether it has been abandoned?  The authors appear unresponsive, and no
"official" patch has been released that I am aware of.  The one unofficial
patch I've seen is incomplete, and does not declare the additional
variables it uses.


-- 
 Linux Now!   ..........Because friends don't let friends use Microsoft.
 phil stracchino   --   the renaissance man   --   mystic zen biker geek
        alaric () babcom com                halmayne () sourceforge net
   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)

Current thread:

Another exploit for cfingerd <= 1.4.3-8 teleh0r (Jul 11)
- Re: Another exploit for cfingerd <= 1.4.3-8 Phil Stracchino (Jul 12)