On Mon, 16 Dec 2002 19:55:05 -
NGSSoftware Insight Security Research [EMAIL PROTECTED] wrote:
NGSSoftware Insight Security Research Advisory
Name: PFinger Format String vulnerability
Systems: PFinger version 0.7.8 and earlier
Severity: High Risk
Vendor URL:
On Tue, Dec 17, 2002 at 07:37:23AM +0100, Stefan Esser wrote:
Yes no one said it is not, but fact is, the libc resolvers simply do not
allow them, so you can send through the wire whatever you want it will
not find its way to the fingerd.
Any resolver who disallows a % or any other character
On Mon, Dec 16, 2002 at 11:56:10PM -0500, [EMAIL PROTECTED] wrote:
*ON THE WIRE*, all 256 byte codes are legal, since DNS uses a length-data
Yes no one said it is not, but fact is, the libc resolvers simply do not
allow them, so you can send through the wire whatever you want it will
not find
*ON THE WIRE*, all 256 byte codes are legal, since [...]
Yes no one said it is not, but fact is, the libc resolvers simply do
not allow them, so you can send through the wire whatever you want it
will not find its way to the fingerd.
This does not match my experience.
I control rDNS for my
Due to the way requests are logged the only way to exploit this
vulnerability is through setting the DNS name of the fingering host
to the attacker supplied format string.
I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) did not
On Mon, 16 Dec 2002 21:39:32 +0100, Stefan Esser [EMAIL PROTECTED] said:
Hello,
Due to the way requests are logged the only way to exploit this
vulnerability is through setting the DNS name of the fingering host to the
attacker supplied format string.
I really wonder how you want to
NGSSoftware Insight Security Research Advisory
Name: PFinger Format String vulnerability
Systems: PFinger version 0.7.8 and earlier
Severity: High Risk
Vendor URL: http://www.xelia.ch/unix/pfinger/
Author: David Litchfield ([EMAIL PROTECTED])
Advisory URL:
Hello,
Due to the way requests are logged the only way to exploit this
vulnerability is through setting the DNS name of the fingering host to the
attacker supplied format string.
I really wonder how you want to exploit this... Last time I checked
all tested resolvers (Linux/BSD/Solaris) did