Megyer Laszlo report on Bugtraq that the cfingerd daemon as distributed with Debian GNU/Linux 2.2 was not careful in its logging code. By combining this with an off-by-one error in the code that copied the username from an ident response cfingerd could be exploited by a remote user. Since cfingerd does not drop its root privileges until after it has determined which user to finger an attacker can gain root privileges. This has been fixed in version 1.4.1-1.1, and we recommend that you upgrade your cfingerd package immediately. Note: this advisory was previously posted as DSA-048-1 by mistake.
This has been fixed in version 1.4.1-1.1, and we recommend that you upgrade your cfingerd package immediately.
Note: this advisory was previously posted as DSA-048-1 by mistake.