Originally Published: Wednesday, 11 August 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News

cfingerd 1.4 released

In a follow-up post to BugTraq, Martin Schulze announced the availability of cfingerd 1.4.0. A copy of the post is reproduced below.


After several years of development I'm happy to present a new version of the configurable finger daemon. The original author and former maintainer Ken Hollis has handed over development to me as stated before. So this release is authorized.

I feel a need for this second posting because the new release also addresses old security reports and not just the most recent one. This release fixes all security problems that have been reported to bugtraq before. I've gone to the archive of bugtraq and found some reports that weren't ever addressed officially but only locally on some systems.

I've created a security web page on which I have listed these reports. Please find them at http://www.Infodrom.North.DE/cfingerd/security.html .

Addressed security reports include:

 . Don't allow userlist through search.* [May 1997]
 . Don't allow userlist through search.** [May 1997]
 . Buffer overflow in username [July 1999 and before]
 . Root compromise through scripts [August 1998]
 . Possibility to regain root access [August 1999]

Please find the new version of cfingerd at:

ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/

A general homepage has been created at

http://www.Infodrom.North.DE/cfingerd/

Regards,

Joey

-- Experience is something you don't get until just after you need it.

Please always Cc to me when replying to me on the lists.
