Nessus Plugin #14886
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA049] DSA-049-1 cfingerd
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-049-1 cfingerd
- Version:
- $Revision: 1.4 $
- Cve_id:
- CAN-2001-0609
- Bugtraq_id:
- 2576
- Xrefs:
- DSA:049
- Description:
Megyer Laszlo report on Bugtraq that the cfingerd daemon as distributed
with Debian GNU/Linux 2.2 was not careful in its logging code. By
combining this with an off-by-one error in the code that copied the
username from an ident response cfingerd could be exploited by a remote
user. Since cfingerd does not drop its root privileges until after
it has determined which user to finger an attacker can gain
root privileges.
This has been fixed in version 1.4.1-1.1, and we recommend that you
upgrade your cfingerd package immediately.
Note: this advisory was previously posted as DSA-048-1 by mistake.
Solution : http://www.debian.org/security/2001/dsa-049
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.