Bugtraq mailing list archives

Re: cfingerd 1.3.2
From: andreas () ANDREAS ORG (Andreas Bogk)
Date: Sat, 3 Jul 1999 17:19:41 -0400


"Larry W. Cashdollar" <lwcashd () BIW COM> writes:

> An easy and quick Patch for cfingerd 1.3.2. if you really need to run finger.

If you _really_ want to run finger without having to worry, you should
use dfingerd by David Lichteblau. It is modelled after ffingerd by
Felix von Leitner.

The ffingerd blurb says:

 It disallows symbolic links as ~/.plan and ~/.project files, does not
 display unnecessary but potentially useful information for an attacker,
 like the shell or the home directory and disallows indirect and @host
 queries.  A compile time option is fascist logging (even positive queries
 are syslogged).

You can get ffingerd at

 ftp://ftp.fu-berlin.de/pub/unix/security/ffingerd/ffingerd-1.21.tar.gz

dfingerd has an identical feature set, but is written in Dylan. Since
amongst the many features of Dylan are bounds checking for arrays and
dynamically growing strings, this should eliminate all buffer
overflows and associated exploits. You can find out about Dylan at:

 http://www.gwydiondylan.org/

and you can get dfingerd at

 ftp://berlin.ccc.de/pub/gd/contributions/dfingerd-0.2.tar.gz

Andreas

--
"We show that all proposed quantum bit commitment schemes are insecure because
the sender, Alice, can almost always cheat successfully by using an
Einstein-Podolsky-Rosen type of attack and delaying her measurement until she
opens her commitment." ( http://xxx.lanl.gov/abs/quant-ph/9603004 )
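
The symlink rule from the ffingerd blurb quoted above, as an added C example (not code from ffingerd, dfingerd or this post). The names `open_user_file` and `demo` are hypothetical, and the files are constructed in a temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a user's ~/.plan or ~/.project for reading.
 * Returns a descriptor, or -1 if the path is a symlink, is not a regular
 * file, or cannot be opened. */
int open_user_file(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW makes open() fail when the last path component is a
     * symlink; O_NONBLOCK keeps a planted FIFO from hanging the daemon. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* Check the descriptor, not the path, so the file cannot be swapped
     * between the check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed test: a regular file and a ".plan" symlink pointing at it.
 * Returns 0 when the file is accepted and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/fingerXXXXXX", target[64], lnk[64];
    FILE *f;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/plan.real", dir);
    snprintf(lnk, sizeof lnk, "%s/.plan", dir);
    if ((f = fopen(target, "w")) == NULL) return -1;
    fputs("constructed sample plan\n", f);
    fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    int fd_real = open_user_file(target);   /* regular file: accepted */
    int fd_link = open_user_file(lnk);      /* symlink: refused */
    int ok = (fd_real >= 0 && fd_link < 0);
    if (fd_real >= 0) close(fd_real);
    if (fd_link >= 0) close(fd_link);
    unlink(lnk); unlink(target); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

`O_NOFOLLOW` only checks the final path component, so symlinks in earlier components of the path are still followed.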


