Security Information / 2013 / Security Information -- DSA-2635-1 cfingerd

Debian Security Advisory

DSA-2635-1 cfingerd -- buffer overflow

Date Reported:

01 Mar 2013

Affected Packages:

cfingerd

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 700098.
In Mitre's CVE dictionary: CVE-2013-1049.

More information:

Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 (ident) client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.3-3+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1.4.3-3.1.

For the unstable distribution (sid), this problem has been fixed in version 1.4.3-3.1.

We recommend that you upgrade your cfingerd packages.