From owner-freebsd-hackers  Mon Mar 13 14:14:53 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id OAA00377 for hackers-outgoing; Mon, 13 Mar 1995 14:14:53 -0800
Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA00371 for <hackers@FreeBSD.org>; Mon, 13 Mar 1995 14:14:52 -0800
Received: by cs.weber.edu (4.1/SMI-4.1.1)
	id AA04366; Mon, 13 Mar 95 15:08:28 MST
From: terry@cs.weber.edu (Terry Lambert)
Message-Id: <9503132208.AA04366@cs.weber.edu>
Subject: Re: finger @ bug (fwd)
To: Remy.Card@masi.ibp.fr (Remy CARD)
Date: Mon, 13 Mar 95 15:08:27 MST
Cc: hackers@FreeBSD.org
In-Reply-To: <199503131944.UAA10022@hebe.ibp.fr> from "Remy CARD" at Mar 13, 95 08:44:27 pm
X-Mailer: ELM [version 2.4dev PL52]
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

> 	This has just been sent to the linux-security mailing list.  Since
> the FreeBSD's fingerd also has the bug, could someone please integrate the
> fix?

[ ... finger user@host.other.domain@host.domain ... ]

Why is this a problem?

I've used this for forever.  It's lets a firewall machine accept
finger requests for forwarding without opening machines in the domain
to fingerd buffer overrun attacks.


					Terry Lambert
					terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.