RE: New Remote Hole found in Berkeley Fingerd!

From: Graeme Fowler (graeme.fowlerat_private)
Date: Wed Nov 21 2001 - 03:40:15 PST

Next message: Olaf Kirch: "Re: New Remote Hole found in Berkeley Fingerd!"

Previous message: 3APA3A: "Re: New Remote Hole found in Berkeley Fingerd!"
Maybe in reply to: vuln-dev: "New Remote Hole found in Berkeley Fingerd!"
Next in thread: Olaf Kirch: "Re: New Remote Hole found in Berkeley Fingerd!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

GOBBLES wrote:

> We have discovered a remote vulnerability in Berkeley finger, which is
> somewhat trivial to exploit.  The vendor has been notified 

Urh, right. This is an old hole in a really old script, not a new hole in
the actual finger daemon itself.

Simple input validation hole, really. If anyone's still using that old code
without any modification then, well, enough said I guess. In fact, in this
day and age if someone still has a publically available finger script,
then...

Graeme

Next message: Olaf Kirch: "Re: New Remote Hole found in Berkeley Fingerd!"
Previous message: 3APA3A: "Re: New Remote Hole found in Berkeley Fingerd!"
Maybe in reply to: vuln-dev: "New Remote Hole found in Berkeley Fingerd!"
Next in thread: Olaf Kirch: "Re: New Remote Hole found in Berkeley Fingerd!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 21 2001 - 08:20:12 PST