|Summary:||security issue mentioned in comp.risks 20.22|
|Product:||[Retired] Red Hat Linux||Reporter:||kevin lyda <kevin>|
|Component:||finger||Assignee:||Crutcher Dunnavant <crutcher>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-04-08 15:49:50 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description kevin lyda 1999-02-21 22:21:47 UTC
Essentially it's possible to fill up the process table on a machine by making repeated connections to the inetd invoked finger daemon. i've submitted a fix for this to the author mentioned in the README file (firstname.lastname@example.org). in addition i uploaded rpm's with this patch to incoming.redhat.com. their names: finger-0.10-6.i386.rpm finger-0.10-6.src.rpm ------- Email Received From kevin lyda <email@example.com> 02/21/99 17:25 ------- ------- Email Received From kevin lyda <firstname.lastname@example.org> 02/21/99 17:25 -------
Comment 1 kevin lyda 1999-02-22 11:09:59 UTC
sorry, i didn't update the documentation. this bug has been mentioned in lwn.net by the way, so hopefully you can use this to get security brownie points. :) the new files live on incoming.redhat.com, and they're called finger-0.10-7.src.rpm and finger-0.10-7.i386.rpm. it has the updated man page, as well as a small tweak of the usage blurb. also, dholland is no longer the maintainer. i've asked him who is, and i'll pass the info back if you'd like.
Comment 2 Jeff Johnson 1999-04-08 15:49:59 UTC
Patch applied in finger-0.10-23. Thanks.