Re: Security hole in cfingerd 1.4.2


Subject: Re: Security hole in cfingerd 1.4.2
From: Pete (pete@home.com)
Date: Fri May 05 2000 - 00:27:49 CEST


This is not Peter Todd's e-mail address; try again.

Thank you, the real pete@home.com

Martin Schulze wrote:
>
> Peter Todd wrote:
> > You can find out stuff about the file structure of a cfingerd running
> > system by passing * and ? as fake_user arguments. For instance, if you
> > use the ping fake user script in the examples, you can check if /tmp
> > exists by running finger "ping./tm?@somesite". If /tmp exists, ping will
> > say "Performing a ping to /tmp"; if not, it will say "Performing a ping
> > to /tm?".
> >
> > You don't seem to escape * and ? in the safe_exec() code. I would have
> > made a patch myself but I didn't know what repercussions that would
> > have...
>
> diff -u or diff -NuR would be fine.
>
> A patch is appreciated.
>
> Regards,
>
> Joey
>
> --
> GNU GPL: "The source will be with you... always."


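Added example, not part of the original thread and not cfingerd code: a constructed stand-in for the ping fake-user script, showing how an unquoted argument turns `?` into the existence check described in the quoted report, next to a quoted variant and an allow-list check. The function names and the scratch directory are assumptions; where cfingerd itself lets the expansion happen is not shown in this message.

```shell
#!/bin/sh
# Constructed stand-ins for a fake-user script; names are hypothetical.

# Weak: $1 is unquoted, so the shell performs pathname expansion on it.
# A pattern that matches an existing path is replaced by that path;
# a pattern that matches nothing is passed through literally.
fake_ping_weak() {
    echo "Performing a ping to" $1
}

# Quoted: the argument is treated as data, never as a glob pattern.
fake_ping_quoted() {
    printf 'Performing a ping to %s\n' "$1"
}

# Allow-list: accept only characters that can appear in a host name.
# Rejects the empty string and anything containing *, ?, /, spaces, etc.
is_safe_arg() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

fake_ping_strict() {
    is_safe_arg "$1" || { echo "rejected argument"; return 1; }
    printf 'Performing a ping to %s\n' "$1"
}

demo() {
    d=$(mktemp -d) || return 1      # scratch directory (constructed input)
    mkdir "$d/tmp"
    fake_ping_weak   "$d/tm?"       # pattern matches: output shows .../tmp
    fake_ping_weak   "$d/zz?"       # no match: output shows .../zz?
    fake_ping_quoted "$d/tm?"       # always literal: .../tm?
    fake_ping_strict "$d/tm?" || true
    fake_ping_strict "host.example.org"
    rm -rf "$d"
}

demo
```

The difference between the first two lines of output is the information leak; the quoted and allow-listed variants give the same answer whether or not the path exists.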
