Debian Security Advisory: remote cfingerd exploit
Apr 19, 2001, 03:46

Date: Thu, 19 Apr 2001 03:02:24 +0200
From: Wichert Akkerman <wichert@cistron.nl>
Subject: [SECURITY] [DSA-048-1] remote cfingerd exploit

Debian Security Advisory DSA-048-1
security@debian.org
http://www.debian.org/security/
Wichert Akkerman
April 19, 2001

Package : cfingerd

Megyer Laszlo reported on Bugtraq that cfingerd, as distributed with Debian GNU/Linux 2.2, was not careful in its logging code. By combining this with an off-by-one error in the code that copied the username from an ident response, cfingerd could be exploited by a remote user. Since cfingerd does not drop its root privileges until after it has determined which user to finger, an attacker can gain root privileges.

This has been fixed in version 1.4.1-1.1, and we recommend that you upgrade your cfingerd package immediately.

wget url will fetch the file for you
will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

These packages will be moved into the stable distribution on its next revision.

For not yet released architectures please refer to the appropriate directory: ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
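The advisory names an off-by-one error in the code that copies the username out of an ident response. The following C sketch is an added illustration of that bug class next to a bounded copy; it is not cfingerd's code, and the advisory does not show the exact form the error took there. All function names are hypothetical, the reply layout follows RFC 1413, and the replies used with it are constructed.

```c
#include <stddef.h>
#include <string.h>

typedef size_t (*copy_fn)(char *dst, size_t cap, const char *src);

static int at_end(char c) { return c == '\0' || c == '\r' || c == '\n'; }

/* Off-by-one pattern: the loop may fill all cap bytes, so the terminator
 * lands at dst[cap], one byte past a buffer of cap bytes. */
size_t copy_user_off_by_one(char *dst, size_t cap, const char *src)
{
    size_t i = 0;
    while (i < cap && !at_end(src[i])) { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Corrected form: stop at cap - 1 so the terminator always fits. */
size_t copy_user_bounded(char *dst, size_t cap, const char *src)
{
    size_t i = 0;
    if (cap == 0) return 0;
    while (i < cap - 1 && !at_end(src[i])) { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Locate the user-id field of an RFC 1413 reply of the form
 * "<port> , <port> : USERID : <opsys> : <user-id>"; NULL if malformed.
 * Skipping leading spaces is a simplification made for this example. */
const char *ident_user_field(const char *reply)
{
    const char *p = strstr(reply, "USERID");
    if (p == NULL || (p = strchr(p, ':')) == NULL) return NULL;
    if ((p = strchr(p + 1, ':')) == NULL) return NULL;
    for (p++; *p == ' '; p++) { }
    return p;
}

/* Copy into the first cap bytes of a larger arena and report whether the
 * guard byte at arena[cap] survived (1), was overwritten (0), or the input
 * was unusable (-1). The overrun stays inside arena, so this is well-defined. */
int guard_intact(copy_fn copy, const char *reply, size_t cap)
{
    char arena[64];
    const char *user = ident_user_field(reply);
    if (user == NULL || cap >= sizeof arena) return -1;
    memset(arena, 0x7f, sizeof arena);
    copy(arena, cap, user);
    return arena[cap] == 0x7f;
}
```

The guard check makes the single stray byte visible: only a username at least as long as the buffer triggers it, which is why such errors pass ordinary testing with short names.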