|
FreeBSD fingerd File Disclosure Vulnerability
Solution: From FreeBSD Advisory FreeBSD-SA-00:54 (attached in full in Credits section): Solution One of the following: 1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE dated after the correction date. 2) Apply the patch below and rebuild your fingerd binary. Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:54/fingerd.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:54/fingerd.patch.asc # cd /usr/src/usr.bin/finger # patch -p < /path/to/patch_or_advisory # make all install # cd /usr/src/libexec/fingerd # make all install Patch for vulnerable 4.1.x systems: Index: finger.c =================================================================== RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v retrieving revision 1.15.2.3 retrieving revision 1.21 diff -u -r1.15.2.3 -r1.21 --- finger.c 2000/09/15 21:51:00 1.15.2.3 +++ finger.c 2000/10/05 15:56:13 1.21 @@ -293,6 +293,16 @@ goto net; /* + * Mark any arguments beginning with '/' as invalid so that we + * don't accidently confuse them with expansions from finger.conf + */ + for (p = argv, ip = used; *p; ++p, ++ip) + if (**p == '/') { + *ip = 1; + warnx("%s: no such user", *p); + } + + /* * Traverse the finger alias configuration file of the form * alias:(user|alias), ignoring comment lines beginning '#'. */ @@ -323,11 +333,11 @@ * gathering the traditional finger information. */ if (mflag) - for (p = argv; *p; ++p) { - if (**p != '/' || !show_text("", *p, "")) { + for (p = argv, ip = used; *p; ++p, ++ip) { + if (**p != '/' || *ip == 1 || !show_text("", *p, "")) { if (((pw = getpwnam(*p)) != NULL) && !hide(pw)) enter_person(pw); - else + else if (!*ip) warnx("%s: no such user", *p); } } |
|
|
Privacy Statement |
