GOBBLES wrote: > We have discovered a remote vulnerability in Berkeley finger, which is > somewhat trivial to exploit. The vendor has been notified Urh, right. This is an old hole in a really old script, not a new hole in the actual finger daemon itself. Simple input validation hole, really. If anyone's still using that old code without any modification then, well, enough said I guess. In fact, in this day and age if someone still has a publically available finger script, then... Graeme
This archive was generated by hypermail 2b30 : Wed Nov 21 2001 - 08:20:12 PST