Debian Security Advisory

cfingerd -- Buffer overflow in older versions of cfingerd

Date Reported:
06 Aug 1999
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 512.
In Mitre's CVE dictionary: CVE-1999-0708.
More information:
The current version of Debian is not vulnerable to this exploit. Those using versions of Debian prior to 2.0 or cfingerd versions prior to 1.3.2-9 should upgrade to the latest version of cfingerd.

The original bug report, referred to in the "credit" section of BugTraq ID 512, has additional information.

An email in the Stuttgart BugTraq archive 1999/07 (00009) suggests using other variants of fingerd, instead of the patch referred to in the "solution" section of BugTraq ID 512.

Update: Another cfingerd exploit is covered in a later advisory.