From owner-freebsd-security  Fri Sep 11 17:29:11 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA03582
          for freebsd-security-outgoing; Fri, 11 Sep 1998 17:29:11 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA03572
          for <security@FreeBSD.ORG>; Fri, 11 Sep 1998 17:29:05 -0700 (PDT)
          (envelope-from mike@seidata.com)
Received: from localhost (mike@localhost)
	by ns1.seidata.com (8.8.8/8.8.5) with SMTP id UAA09124;
	Fri, 11 Sep 1998 20:27:56 -0400 (EDT)
Date: Fri, 11 Sep 1998 20:27:55 -0400 (EDT)
From: Mike <mike@seidata.com>
To: Hector Gonzalez Jaime <cacho@ns.iteso.mx>
cc: Lutz Rabing <LutzRab@omc.net>, security@FreeBSD.ORG
Subject: Re: fingerd exploit 
In-Reply-To: <Pine.BSF.3.91.980911124340.7689A-100000@naserv.gdl.iteso.mx>
Message-ID: <Pine.BSF.4.01.9809112023220.7944-100000@ns1.seidata.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 11 Sep 1998, Hector Gonzalez Jaime wrote:

> finger user@host.one@host.two@host.three@so.on

FWIW, I believe 'secure finger' takes care of this.  I don't recall
the exact URL for it right now, but it reportedly takes care of a lot
of 'problems' with the standard fingerd.  It does have some oddities
of its own, IMO, such as storing user plan files, etc. in a dedicated
directory, etc.  I ran this for awhile when I was using 2.2.7.  When I
went up to -current, I just kept the default fingerd.

Anyone have a suggestion re: the best fingerd to run?

	-mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message