buffer overflow in configurable fingerd?
From: shuman () ANNEXGRP ORG (M Shariful Anam)
Date: Thu, 13 Feb 1997 00:39:44 +0600
While playing around with Ken Hollis's cfingerd 1.2.3 on Linux, I found
out there is one or more chances of buffer overflow when reading its
config file, /etc/cfingerd.conf.
Some strings are probably copied to variables without checking the length.
In those situations, doing any finger from anywhere (remote/local) to the
machine causes a SIGSEGV. Now, the potential problem is, cfingerd is
recommended to be run as root from inetd.conf by the author. So I think
there might be a chance of getting a root exploit here on the machines
running cfingerd 1.2.3.
Also note that it has another program, userlist, which simply lists the
users logged in and is installed as rws--S--- root.root by default, when
those setu/gid bits are not needed at all!
M Shariful Anam <shuman () kaifnet com>
Kaifnet Services -- Bangladesh
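
An added example, not part of the original post and not cfingerd's code: a length-checked way to copy a config-file value into a fixed-size buffer, rejecting an overlong value instead of writing past the end as an unchecked copy would. The `KEY = value` line format, the name `conf_get_value` and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define VALUE_MAX 64   /* assumed size of the fixed destination buffer */

/* Copy the value of a "KEY = value" line into dst (dst_size bytes).
 * Returns 0 on success, -1 if the line is malformed, -2 if the value
 * does not fit (dst is left empty; nothing is silently truncated). */
int conf_get_value(const char *line, char *dst, size_t dst_size)
{
    const char *eq, *start, *end;
    size_t len;

    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    eq = strchr(line, '=');
    if (eq == NULL)
        return -1;

    start = eq + 1;               /* trim whitespace around the value */
    while (*start && isspace((unsigned char)*start))
        start++;
    end = start + strlen(start);
    while (end > start && isspace((unsigned char)end[-1]))
        end--;

    len = (size_t)(end - start);
    if (len >= dst_size)          /* need room for the terminating NUL */
        return -2;
    memcpy(dst, start, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char value[VALUE_MAX], big[512];

    /* Constructed sample lines, not taken from a real cfingerd.conf. */
    printf("%d\n", conf_get_value("HOSTNAME = example.org\n", value, sizeof value));
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memcpy(big, "X = ", 4);       /* value of 507 bytes, far over VALUE_MAX */
    printf("%d\n", conf_get_value(big, value, sizeof value));
    return 0;
}
```

A caller that gets -2 should refuse to start with that configuration rather than continue with a partial value.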