Re: cfingerd vulnerability

Felix von Leitner (leitner@MATH.FU-BERLIN.DE)
Mon, 26 May 1997 02:51:57 +0200

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Robert Stone: "Re: BoS: cfingerd vulnerability"
• Previous message: Michael Stone: "Re: cfingerd vulnerability"
• In reply to: Edward S. Marshall: "Re: cfingerd vulnerability"
• Next in thread: Robert Stone: "Re: BoS: cfingerd vulnerability"

Thus spake Rodrigo Barbosa (rodrigob@MORCEGO.LINKWAY.COM.BR):

> Hello,
> i don't know if it has been noticed before, but cfingerd installs,
> by default, a search service. You can use it as:
>
> finger search.username@host
>
> Thats ok, but you can use keymasks. And if you do:
>
> finger search.*@host
>
> you can get a list of all the users in the system.
>
> I've tried it if cfinger 1.2.2 (probably it is not the latest version).

May I point to my ffingerd which was written to get rid of this kind of
problem with finger daemons?

  ftp://ftp.fu-berlin.de/pub/unix/security/ffingerd/

Even comes with ./configure for easy installation.

Felix

--
Fire, water and government know nothing of mercy.
        --Albanian Proverb

• Next message: Robert Stone: "Re: BoS: cfingerd vulnerability"
• Previous message: Michael Stone: "Re: cfingerd vulnerability"
• In reply to: Edward S. Marshall: "Re: cfingerd vulnerability"
• Next in thread: Robert Stone: "Re: BoS: cfingerd vulnerability"

This archive was generated by hypermail 2.0b3 on Sun Aug 08 1999 - 10:47:53 CEST