We have received a report that the all versions of cfingerd prior to
1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on
bugtraq.

We recommend you upgrade your cfingerd package immediately or disable
ALLOW_EXECUTION.  The latter is turned off in the default Debian
configuration.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
-------------------------------

  Source archives:

          MD5 checksum: 01f1f08cb22716f3188370bb827557e4
          MD5 checksum: 8fd375da499ec3e0198981a97c11d5fe

  Sun Sparc architecture:

          MD5 checksum: 7edc36abd55c18c0c8f9e90837ab15cb

  Intel architecture:

          MD5 checksum: 515bdcc9e579ce8b886341658bacaefd

  Motorola 680x0 architecture:

          MD5 checksum: ec6f1388f5a7b407637aabc4de29a0c5

  Alpha architecture:

          MD5 checksum: 97123d5b5eed85c74788d0c35c20b03b


Debian GNU/Linux unstable alias potato
--------------------------------------

  Source archives:

    .4.0-1.diff.gz
      MD5 checksum: ad4cf97b7c3f679e3b4133320cac769c
    -1.dsc
      MD5 checksum: c5b5448968db444ee70075087e35a294

  Sun Sparc architecture:

          MD5 checksum: 8aa7fd61b8db6f76cb8120df3082a54e

  Intel ia32 architecture:

          MD5 checksum: a33ea81eb429c7b734a2769685c1131a

  Motorola 680x0 architecture:

          MD5 checksum: 09b035f723bb9dd831e7d3a23f80f2f7

  Alpha architecture:

          MD5 checksum: a3ecf841a966487fa888a6b4e9f92bc7

  PowerPC architecture:

          MD5 checksum: 011da6d4cacaaf78304559606ff2f05e

For not yet released architectures please refer to the appropriate
directory  .

--
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .

New versions of cfingerd fixes root exploit

December 13, 1999
We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq.

Summary

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink
-------------------------------

Source archives:

MD5 checksum: 01f1f08cb22716f3188370bb827557e4
MD5 checksum: 8fd375da499ec3e0198981a97c11d5fe

Sun Sparc architecture:

MD5 checksum: 7edc36abd55c18c0c8f9e90837ab15cb

Intel architecture:

MD5 checksum: 515bdcc9e579ce8b886341658bacaefd

Motorola 680x0 architecture:

MD5 checksum: ec6f1388f5a7b407637aabc4de29a0c5

Alpha architecture:

MD5 checksum: 97123d5b5eed85c74788d0c35c20b03b


Debian GNU/Linux unstable alias potato
--------------------------------------

Source archives:

.4.0-1.diff.gz
MD5 checksum: ad4cf97b7c3f679e3b4133320cac769c
-1.dsc
MD5 checksum: c5b5448968db444ee70075087e35a294

Sun Sparc architecture:

MD5 checksum: 8aa7fd61b8db6f76cb8120df3082a54e

Intel ia32 architecture:

MD5 checksum: a33ea81eb429c7b734a2769685c1131a

Motorola 680x0 architecture:

MD5 checksum: 09b035f723bb9dd831e7d3a23f80f2f7

Alpha architecture:

MD5 checksum: a3ecf841a966487fa888a6b4e9f92bc7

PowerPC architecture:

MD5 checksum: 011da6d4cacaaf78304559606ff2f05e

For not yet released architectures please refer to the appropriate
directory .

--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
. .




Severity
We recommend you upgrade your cfingerd package immediately or disable
ALLOW_EXECUTION. The latter is turned off in the default Debian
configuration.

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up