• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

cfingerd Utilities Buffer Overflow Vulnerability

Solution:
Steven Van Acker <deepstar@ulyssis.org> supplied this fix:

on line 181:
while((newpos < 80) && (line[pos] != ' ') && (!done)) {
^^^^^^^^^^^^^^^^^
on line 301:
printf("%s",displine);
^^^^^

Then recompile.

Debian has released upgraded packages.


Martin Schulze Cfingerd 1.4.1

• Debian 2.2 alpha cfingerd_1.4.1-1.2_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/cfin gerd_1.4.1-1.2_alpha.deb


• Debian 2.2 arm cfingerd_1.4.1-1.2_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/cfinge rd_1.4.1-1.2_arm.deb


• Debian 2.2 i386 cfingerd_1.4.1-1.2_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/cfing erd_1.4.1-1.2_i386.deb


• Debian 2.2 m68k cfingerd_1.4.1-1.2_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/cfing erd_1.4.1-1.2_m68k.deb


• Debian 2.2 ppc cfingerd_1.4.1-1.2_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/cf ingerd_1.4.1-1.2_powerpc.deb


• Debian 2.2 sparc cfingerd_1.4.1-1.2_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/cfin gerd_1.4.1-1.2_sparc.deb