Debian Security Advisory

DSA-049-1 cfingerd -- remote printf format attack

Date Reported:

19 Apr 2001

Affected Packages:

cfingerd

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 2576.
In Mitre's CVE dictionary: CVE-2001-0609.

More information:

Megyer Laszlo report on Bugtraq that the cfingerd daemon as distributed with Debian GNU/Linux 2.2 was not careful in its logging code. By combining this with an off-by-one error in the code that copied the username from an ident response cfingerd could be exploited by a remote user. Since cfingerd does not drop its root privileges until after it has determined which user to finger an attacker can gain root privileges.

This has been fixed in version 1.4.1-1.1, and we recommend that you upgrade your cfingerd package immediately.

Note: this advisory was previously posted as DSA-048-1 by mistake.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1-1.1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1-1.1.dsc; http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1.orig.tar.gz
Alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/cfingerd_1.4.1-1.1_alpha.deb
ARM:: http://security.debian.org/dists/stable/updates/main/binary-arm/cfingerd_1.4.1-1.1_arm.deb
Intel IA-32:: http://security.debian.org/dists/stable/updates/main/binary-i386/cfingerd_1.4.1-1.1_i386.deb
Motorola 680x0:: http://security.debian.org/dists/stable/updates/main/binary-m68k/cfingerd_1.4.1-1.1_m68k.deb
PowerPC:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/cfingerd_1.4.1-1.1_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/cfingerd_1.4.1-1.1_sparc.deb