A buffer overflow has been identified in efFingerD version 0.2.12.
579a8af004a7d1139f1522767ad1220c8da86ccabd89512f32c4c6110bf8937e
Security :: Advisory - efFingerD 0.2.12 Buffer overflow
homepage:
---------
https://sourceforge.net/projects/effingerd/
vulnerable:
-----------
efFingerD 0.2.12
Impact
------
Medium
Details
--------
efFingerD is a simple open source finger daemon. By looking a little bit at the code i identified one
buffer overflow condition. By sending as an argument to the finger command 180 characters the daemon will crash.The
problem exists in sockFinger_DataArrival function.
-------snip----------
Dim sData As String
sockFinger(Index).GetData sData, vbString
sData = Trim(Replace(sData, vbCrLf, ""))
If Len(sData) > 0 Then
If sData = ".version" Then
sockSend Index, Replace(Localize(0), "$VERSION$", App.Major & "." & App.Minor & "." & App.Revision)
ElseIf Mid(sData, 1, 1) = "." Then
sockSend Index, Replace(Localize(1), "$QUERY$", sData)
Else
Dim sFilename As String
sFilename = App.Path & "\users\" & sData
If Len(Dir(sFilename & ".log")) > 0 Then <------- buffer overflow 1
' Global Header (company, version, etc...)
If Len(Dir(App.Path & "\global.hdr")) > 0 Then
sockFileContents Index, App.Path & "\global.hdr"
sockSend Index, ""
End If
' User Header (real name, email, project, etc...)
If Len(Dir(sFilename & ".hdr")) > 0 Then
sockFileContents Index, sFilename & ".hdr"
sockSend Index, "-----"
End If
' User Plan:
sockFileContents Index, sFilename & ".log"
' End of Send
sockSend Index, "-----"
sockSend Index, Localize(3)
Else
sockSend Index, Replace(Localize(2), "$QUERY$", sData)
End If
End If
sockFinger(Index).Close
End If
------snip-------------
fix/workaround:
---------------
I wrote a simple patch for efFingerD. Get the source code from:
http://members.lycos.co.uk/r34ct/main/fixes/effingerd/source/
If you want the patched binary:
http://members.lycos.co.uk/r34ct/main/fixes/effingerd/binary/
credit:
------
dr_insane@pathfinder.gr
http://members.lycos.co.uk/r34ct/