efFingerD.txt

efFingerD.txt: Posted May 9, 2004; Authored by Dr. Insane | Site members.lycos.co.uk; A buffer overflow has been identified in efFingerD version 0.2.12.; tags | advisory, overflow; SHA-256 | 579a8af004a7d1139f1522767ad1220c8da86ccabd89512f32c4c6110bf8937e; Download | Favorite | View

efFingerD.txt

Security  :: Advisory  - efFingerD 0.2.12 Buffer overflow


homepage:
---------
https://sourceforge.net/projects/effingerd/

vulnerable:
-----------
efFingerD 0.2.12

Impact
------
Medium


Details
--------
efFingerD is a simple open source finger daemon. By looking a little bit at the code i identified one
buffer overflow condition. By sending as an argument to the finger command 180 characters the daemon will crash.The
problem exists in sockFinger_DataArrival function.

-------snip----------
Dim sData As String

sockFinger(Index).GetData sData, vbString
sData = Trim(Replace(sData, vbCrLf, ""))


If Len(sData) > 0 Then
   
   If sData = ".version" Then
      sockSend Index, Replace(Localize(0), "$VERSION$", App.Major & "." & App.Minor & "." & App.Revision)

   ElseIf Mid(sData, 1, 1) = "." Then
      sockSend Index, Replace(Localize(1), "$QUERY$", sData)
   
   Else
      Dim sFilename As String
      sFilename = App.Path & "\users\" & sData
      If Len(Dir(sFilename & ".log")) > 0 Then           <------- buffer overflow 1
         ' Global Header (company, version, etc...)
         If Len(Dir(App.Path & "\global.hdr")) > 0 Then
            sockFileContents Index, App.Path & "\global.hdr"
            sockSend Index, ""
         End If
         ' User Header (real name, email, project, etc...)
         If Len(Dir(sFilename & ".hdr")) > 0 Then
            sockFileContents Index, sFilename & ".hdr"
            sockSend Index, "-----"
         End If
         ' User Plan:
         sockFileContents Index, sFilename & ".log"
         ' End of Send
         sockSend Index, "-----"
         sockSend Index, Localize(3)
      Else
         sockSend Index, Replace(Localize(2), "$QUERY$", sData)
      End If
   
   End If
   
   sockFinger(Index).Close
   
End If
------snip-------------



fix/workaround:
---------------
I wrote a simple patch for efFingerD. Get the source code from:
http://members.lycos.co.uk/r34ct/main/fixes/effingerd/source/
If you want the patched binary:
http://members.lycos.co.uk/r34ct/main/fixes/effingerd/binary/



credit:
------
dr_insane@pathfinder.gr
http://members.lycos.co.uk/r34ct/

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

efFingerD.txt

efFingerD.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

efFingerD.txt

Share This

efFingerD.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems