| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Changed files:
cfingerd-1.4.3-ipv6-12121999.patch -> 1.1
cfingerd.spec -> 1.46
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.45
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.44
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.43
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.42
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.41
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.40
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.39
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.38
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.37
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.36
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.35
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.34
|
|
|
|
|
|
|
| |
- fix in config patch (s/Polish Linux Distribution/PLD Linux Distribution/)
- use new %doc.
Changed files:
cfingerd.spec -> 1.33
|
|
|
|
| |
Changed files:
cfingerd-config.patch -> 1.4
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.32
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.31
|
|
|
|
| |
Changed files:
cfingerd.inetd -> 1.4
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.30
|
|
|
|
| |
Changed files:
cfingerd.inetd -> 1.3
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.29
|
|
|
|
|
|
|
|
|
|
| |
Group field using gettext).
Changed files:
cfingerd.spec -> 1.28
Notes:
- removed all Group fields translations (our rpm now can handle translating
Group field using gettext).
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.27
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.26
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.25
|
|
|
|
|
|
| |
- need rebuilt rpm (with new macros.pld) to build these
Changed files:
cfingerd.spec -> 1.24
|
|
|
|
|
|
| |
- added patch for display GPG Public Keys (by Piotr Majka <charvel@linux.pl>).
Changed files:
cfingerd.spec -> 1.23
|
|
|
|
| |
Changed files:
cfingerd-gpg.patch -> 1.1
|
|
|
|
|
|
|
|
| |
- added security_format_bug by Megyer Laszlo <abulla@FREEMAIL.HU> (patch was posted on
BUGTRAQ,
- added using %%{rpmcflags}, %%{rpmldflags} macros.
Changed files:
cfingerd.spec -> 1.22
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following the recent habits, I break the advisory into 4 parts:
OVERVIEW:
---------
There is a critical bug in cfingerd daemon <= 1.4.3, (a classic format
bug)
that makes possible to acquire full control over the remote machine if it
runs
the cfingerd program, the configurable and secure finger daemon.
In 3 words: REMOTE ROOT VULNERABILITY
DESCRIPTION:
------------
The bug occurs in main.c, line 245, 258 and 268:
<------ syslog(LOG_NOTICE, (char *) syslog_str);
We can control the syslog_str with our ident user, that goes directly to
the secont parameter of syslog(). Using %n and some tricks, we can overwrite
anything in the daemon's memory, including the saved eip register.
The more or less proper usage of syslog this time is here:
------> syslog(LOG_NOTICE, "%s", (char *) syslog_str);
There are many papers about format bugs, so I don't write detailed infos
about it.
Changed files:
cfingerd-security_format_bug.patch -> 1.1
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.21
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.20
|
|
|
|
|
|
| |
(now it's more C like)
Changed files:
cfingerd.spec -> 1.19
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.18
|
|
|
|
|
|
|
| |
- use rpm new automation suit,
- adapterized and make %%{debug} ready.
Changed files:
cfingerd.spec -> 1.17
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.16
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.15
|
|
|
|
|
|
|
|
| |
- removed all applnkdir defs
- changed some prereqs/requires
- removed duplicate empty lines
Changed files:
cfingerd.spec -> 1.14
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.13
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- install inet service description file as fingerd (this allow generate
conflict if anyone can install cfingerd simultanously with other finger
daemon).
Changed files:
cfingerd.spec -> 1.12
Notes:
- release 4,
- install inet service description file as fingerd (this allow generate
conflict if anyone can install cfingerd simultanously fith other finger
daemon).
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.11
|
|
|
|
| |
Changed files:
cfingerd-config.patch -> 1.3
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.10
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.9
|
|
|
|
| |
Changed files:
cfingerd.spec -> 1.8
|
|
|
|
| |
Changed files:
cfingerd.inetd -> 1.2
|
|
|
|
|
|
|
| |
- added %post, %postun scripts with reloading on upgrade and stopping on
removing service.
Changed files:
cfingerd.spec -> 1.7
|
|
|
|
|
|
| |
- added ffingetd, finger-server, bsd-fingerd to Obsoletes.
Changed files:
cfingerd.spec -> 1.6
|
|
|
|
| |
Changed files:
cfingerd-config.patch -> 1.2
|
|
|
|
|
|
| |
- updated IPv6 patch (by misiek)
Changed files:
cfingerd.spec -> 1.5
|