Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1271 - security issue mentioned in comp.risks 20.22
Summary: security issue mentioned in comp.risks 20.22
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: finger
Version: 5.2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-02-21 22:21 UTC by kevin lyda
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-04-08 15:49:50 UTC


Attachments (Terms of Use)

Description kevin lyda 1999-02-21 22:21:47 UTC
Essentially it's possible to fill up the process table on a
machine by making repeated connections to the inetd invoked
finger daemon.

i've submitted a fix for this to the author mentioned in the
README file (dholland@hcs.harvard.edu).  in addition i
uploaded rpm's with this patch to incoming.redhat.com.
their names:

finger-0.10-6.i386.rpm
finger-0.10-6.src.rpm

------- Email Received From  kevin lyda <kevin@suberic.net> 02/21/99 17:25 -------


------- Email Received From  kevin lyda <kevin@suberic.net> 02/21/99 17:25 -------

Comment 1 kevin lyda 1999-02-22 11:09:59 UTC
sorry, i didn't update the documentation.  this bug has been mentioned
in lwn.net by the way, so hopefully you can use this to get security
brownie points.  :)

the new files live on incoming.redhat.com, and they're called
finger-0.10-7.src.rpm and finger-0.10-7.i386.rpm.  it has the updated
man page, as well as a small tweak of the usage blurb.  also, dholland
is no longer the maintainer.  i've asked him who is, and i'll pass the
info back if you'd like.

Comment 2 Jeff Johnson 1999-04-08 15:49:59 UTC
Patch applied in finger-0.10-23. Thanks.


Note You need to log in before you can comment on or make changes to this bug.