--DKU6Jbt7q3WqK7+M Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable After several years of development I'm happy to present a new version of the configurable finger daemon. The original author and former maintainer Ken Hollis has handed over development to me as stated before. So this release is authorized. I feel a need for this second posting because the new release also addresses old security reports and not just the most recent one. This release fixes all security problems that have been reported to bugtraq before. I've went to the archive of bugtraq and found some reports that weren't ever addressed officially but only locally on some systems. I've created a security web page on which I have listed these reports. Please find them at http://www.Infodrom.North.DE/cfingerd/security.html . Addressed security reports include: . Don't allow userlist through search.* [May 1997] . Don't allow userlist through search.** [May 1997] . Buffer overflow in username [July 1999 and before] . Root compromise through scripts [August 1998] . Possibility to regain root access [August 1999] Please find the new version of cfingerd at: ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/ A general homepage has been created at http://www.Infodrom.North.DE/cfingerd/ Regards, Joey --=20 Experience is something you don't get until just after you need it. Please always Cc to me when replying to me on the lists. --DKU6Jbt7q3WqK7+M Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBN7Bz2RRNm5Suj3z1AQGnIAP/aPYN17Nwf7K6cpgbCDIsW/QnZcZSFZtr a4FwYTmeI45moxSukkE0+njZ+e/+Ri1RGlWOCVuxtfVcAieryoEsSj0xaEKHqrlV B3TBUxaZWR4h03hQhkhx84WYEsGqWB/lYcaPQy+r+lzBMotMWV5DlMY8HlHJdHHI /YBCWyVD4R0= =zzXk -----END PGP SIGNATURE----- --DKU6Jbt7q3WqK7+M--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:54 PDT