• info
• discussion
• exploit
• solution
• references

BSD fingerd buffer overflow Vulnerability

fingerd is a remote user information server that implements
the protocol defined in RFC742. There exists a buffer
overflow in finderd that allows a remote attacker to execute
any local binaries.

finderd reads input from its socket using the gets()
standard C library call passing it a 512-byte automatic
buffer allocated in main(). gets() reads the input and
stores it into the buffer without performing any bounds
checking. This results in a standard stack buffer
overflow when main() return.

The Internet Worm exploited this vulnerability.