cfingerd Format String Vulnerability

A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code.

cfingerd queries and logs the remote username of users of the service. If an attacker sets up a remote machine that returns specific format strings instead of a valid username, and connects to cfingerd from that machine, he can exploit the format string bugs. Because cfingerd runs as root, this means the attacker gains full control of the cfingerd host.

An exploit is available against x86 versions of cfingerd.


Privacy Statement
Copyright 2010, SecurityFocus