COMMAND

    cfinger

SYSTEMS AFFECTED

    Systems running cfinger

PROBLEM

    cfingerd installs, by  default, a search  service. You can  use it
    as:

        finger search.username@host

    Thats ok, but you can use keymasks. And if you do:

        finger search.*@host

    you can get a  list of all the  users in the system.   Credit goes
    to Rodrigo Barbosa.

    This was tested on cfinger  1.2.2. version).  1.3.2 still  has the
    vulnerability, but you need to supply:

        finger search.**@host

    instead.

SOLUTION

    Please find the new version of cfingerd at:

        ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/

    A general homepage has been created at

        http://www.Infodrom.North.DE/cfingerd/