Re: cfingerd vulnerability

Felix von Leitner (leitner@MATH.FU-BERLIN.DE)
Mon, 26 May 1997 02:51:57 +0200

Thus spake Rodrigo Barbosa (rodrigob@MORCEGO.LINKWAY.COM.BR):

> Hello,
> i don't know if it has been noticed before, but cfingerd installs,
> by default, a search service. You can use it as:
> finger search.username@host
> Thats ok, but you can use keymasks. And if you do:
> finger search.*@host
> you can get a list of all the users in the system.
> I've tried it if cfinger 1.2.2 (probably it is not the latest version).

May I point to my ffingerd which was written to get rid of this kind of
problem with finger daemons?

Even comes with ./configure for easy installation.


Fire, water and government know nothing of mercy.
        --Albanian Proverb

This archive was generated by hypermail 2.0b3 on Sun Aug 08 1999 - 09:37:50 CEST