After several years of development I'm happy to present a new version
of the configurable finger daemon.  The original author and former
maintainer Ken Hollis has handed over development to me as stated
before.  So this release is authorized.

I feel a need for this second posting because the new release also
addresses old security reports and not just the most recent one.  This
release fixes all security problems that have been reported to bugtraq
before.  I've gone to the archive of bugtraq and found some reports
that weren't ever addressed officially but only locally on some
systems.

I've created a security web page on which I have listed these reports.
Please find them at http://www.Infodrom.North.DE/cfingerd/security.html .


Addressed security reports include:

 . Don't allow userlist through search.* [May 1997]
 . Don't allow userlist through search.** [May 1997]
 . Buffer overflow in username [July 1999 and before]
 . Root compromise through scripts [August 1998]
 . Possibility to regain root access [August 1999]


Please find the new version of cfingerd at:

  ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/

A general homepage has been created at

  http://www.Infodrom.North.DE/cfingerd/

Regards,

        Joey

-- 
Experience is something you don't get until just after you need it.

Please always Cc to me when replying to me on the lists.
