92 matches found
Martin Schulze Cfingerd 1.4.2 - GECOS Buffer Overflow
// source: https://www.securityfocus.com/bid/651/info Under systems that allow the user to change his GECOS field from the password file and do not limit its length cfingerd is vulnerable to a local root or nobody buffer overflow. By setting a carefully designed GECOS field it is possible to...
cfingerd.txt
Date: Thu, 23 Jul 1998 23:48:21 -0500 From: John Goerzen Subject: CFINGERD root security hole SUMMARY ------- I have found out that cfingerd 1.3.2 contains a security hole that could lead to easy root compromise for any user that has an account on the local machine, but only if ALLOWEXECUTION is...
[SECURITY] New versions of cfingerd fixes root exploit
We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq. We recommend you upgrade your cfingerd package immediately or disable ALLOWEXECUTION. The latter is turned off in the default Debian configuration. wg...
[SECURITY] New versions of cfingerd fixes root exploit
We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq. We recommend you upgrade your cfingerd package immediately or disable ALLOWEXECUTION. The latter is turned off in the default Debian configuration. wg...
CVE-1999-0813
Cfingerd with ALLOWEXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges...
PT-1999-1368 · Cfingerd · Cfingerd
Name of the Vulnerable Software and Affected Versions: Cfingerd affected versions not specified Description: The issue concerns Cfingerd when ALLOW EXECUTION is enabled. It fails to properly drop privileges when executing a program on behalf of the user. This allows local users to gain root...
cfingerd Wildcard Argument Information Disclosure
The remote host is running 'cfingerd', a finger daemon. There is a bug in the remote cfinger daemon that allows a remote attacker to get the lists of the users of this system when issuing the command : finger search.@victim This information can be used by a remote attacker to mount further attack...
CVE-1999-0243
Linux cfingerd could be exploited to gain root access...
[SECURITY] New versions of cfingerd fixes root compromise
We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...
[SECURITY] New versions of cfingerd fixes root compromise
We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...
CVE-1999-0259
cfingerd lists all users on a system via search.@target...
PT-1997-1113 · Cfingerd · Cfingerd
Name of the Vulnerable Software and Affected Versions: cfingerd affected versions not specified Description: The issue allows cfingerd to list all users on a system via search. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...