|
Family: Debian Local Security Checks --> Category: infos
[DSA049] DSA-049-1 cfingerd Vulnerability Scan
Vulnerability Scan Summary DSA-049-1 cfingerd
Detailed Explanation for this Vulnerability Test
Megyer Laszlo report on Bugtraq that the cfingerd daemon as distributed
with Debian GNU/Linux 2.2 was not careful in its logging code. By
combining this with an off-by-one error in the code that copied the
username from an ident response cfingerd could be exploited by a remote
user. Since cfingerd does not drop its root rights until after
it has acertaind which user to finger a possible hacker can gain
root rights.
This has been fixed in version 1.4.1-1.1, and we recommend that you
upgrade your cfingerd package immediately.
Note: this advisory was previously posted as DSA-048-1 by mistake.
Solution : http://www.debian.org/security/2001/dsa-049
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|