Bugtraq mailing list archives

buffer overflow in configurable fingerd?
From: shuman () ANNEXGRP ORG (M Shariful Anam)
Date: Thu, 13 Feb 1997 00:39:44 +0600


While playing around with Ken Hollis's cfingerd 1.2.3 on Linux, I found
out there is one or more chances of buffer overflow when reading its
config file, /etc/cfingerd.conf.

Some strings are probably copied to variables without checking the length.
In those situations, doing any finger from anywhere (remote/local) to the
machine causes a SIGSEGV. Now, the potential problem is, cfingerd is
recommended to be run as root from inetd.conf by the Author. So I think
there might be a chance of getting a root exploit here on the machines
running cfingerd 1.2.3.

Also note that it has another program, userlist, which simply lists the
users logged in and is installed as rws--S--- root.root by default, when
those setu/gid bits are not needed at all!

 M Shariful Anam                              <shuman () kaifnet com>

                Kaifnet Services -- Bangladesh
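
The bug class reported above (config-file strings copied into fixed-size variables with no length check) is avoided by rejecting any value that does not fit its destination. The following is an added example, not cfingerd's code and not part of the original post; the `hostname`/`banner` keys, the `finger_conf` structure and the 32-byte field size are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_SIZE 32                 /* assumed destination size (hypothetical) */

struct finger_conf {                  /* hypothetical config structure */
    char hostname[FIELD_SIZE];
    char banner[FIELD_SIZE];
};

/* Bounded copy: refuses values that do not fit instead of overflowing
 * (what an unchecked strcpy would do) or silently truncating. */
static int copy_value(char *dst, size_t dst_size, const char *src, size_t len)
{
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse "key=value" lines from config text already read into memory.
 * Returns 0 on success, or the 1-based number of the first rejected line. */
int parse_conf(const char *text, struct finger_conf *conf)
{
    int lineno = 0;
    memset(conf, 0, sizeof *conf);
    while (*text != '\0') {
        size_t line_len = strcspn(text, "\n");
        const char *eq = memchr(text, '=', line_len);
        lineno++;
        if (line_len > 0 && text[0] != '#') {      /* skip blanks and comments */
            if (eq == NULL)
                return lineno;                     /* malformed line */
            size_t key_len = (size_t)(eq - text);
            size_t val_len = line_len - key_len - 1;
            int rc = -1;                           /* unknown keys are rejected */
            if (key_len == 8 && memcmp(text, "hostname", 8) == 0)
                rc = copy_value(conf->hostname, sizeof conf->hostname, eq + 1, val_len);
            else if (key_len == 6 && memcmp(text, "banner", 6) == 0)
                rc = copy_value(conf->banner, sizeof conf->banner, eq + 1, val_len);
            if (rc != 0)
                return lineno;
        }
        text += line_len;
        if (*text == '\n')
            text++;
    }
    return 0;
}
```

A daemon started as root from inetd should treat a non-zero return as a fatal configuration error and exit before handling the request.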
