J-Security Center

Title: EFingerD Reverse Resolver Buffer Overflow Vulnerability

Severity: HIGH

Description:

efingerd is a freely available, open source finger daemon for use on the Linux operating system. It is publicly developed and maintained.

A problem with efingerd could result in code execution. The problem is in the handling of untrusted input.

efingerd does not properly handle domain information. When a host connects to the finger daemon, by default the daemon takes the IP address of the connecting host and attempts to resolve it. If the resolved host name is longer than 100 bytes, a buffer overflow occurs. This could potentially be exploited to overwrite stack variables, including the return address, and execute code with the privileges of the efingerd process.

A malicious nameserver that has authority for the reverse resolution of the connecting address may be able to exploit this buffer overflow over a network and execute code as the efingerd process.
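The copy pattern described above next to a bounded replacement, as an added example that is not efingerd source code: `safe_peer_name`, `HOSTBUF` and the sample names are hypothetical, and only the 100-byte limit comes from the advisory. It goes slightly beyond the length check by also rejecting characters that do not belong in a host name and falling back to the numeric address.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOSTBUF 100 /* size taken from the advisory's 100-byte limit */

/* Unsafe pattern of the kind the advisory describes (illustrative only):
 *     char host[HOSTBUF];
 *     strcpy(host, resolved_name);    // length is chosen by the nameserver
 * When resolving with getnameinfo(), pass sizeof host as the host length
 * so the resolver itself never writes past the buffer.
 */

/* Copy a resolver-supplied name into dst only if it fits (including the
 * terminating NUL) and contains only host name characters. Otherwise store
 * the numeric address. Returns 1 if the name was used, 0 on fallback. */
int safe_peer_name(char *dst, size_t dstlen,
                   const char *resolved, const char *numeric)
{
    size_t n = 0;
    int ok = (resolved != NULL && dstlen > 0);

    /* Bounded scan: stop as soon as the name can no longer fit in dst. */
    while (ok && resolved[n] != '\0') {
        unsigned char c = (unsigned char)resolved[n];
        if (++n >= dstlen || !(isalnum(c) || c == '-' || c == '.'))
            ok = 0;
    }
    if (n == 0)
        ok = 0; /* an empty answer is not a usable name */

    snprintf(dst, dstlen, "%s", ok ? resolved : numeric);
    return ok;
}

int main(void)
{
    char host[HOSTBUF];
    char overlong[301]; /* constructed sample: 300-byte reverse-lookup answer */

    memset(overlong, 'a', sizeof overlong - 1);
    overlong[sizeof overlong - 1] = '\0';

    safe_peer_name(host, sizeof host, "client.example.net", "192.0.2.7");
    printf("normal answer   -> %s\n", host);
    safe_peer_name(host, sizeof host, overlong, "192.0.2.7");
    printf("overlong answer -> %s\n", host);
    return 0;
}
```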

Affected Products:

  • efingerd efingerd 1.3.0
  • efingerd efingerd 1.6.1
