On Sun, Sep 22, 2013 at 06:57:47PM +0200, steph...@bortzmeyer.org wrote:
Package: efingerd
Version: 1.6.2.7+nmu1
Severity: important
Dear Maintainer,
I'm afraid the default scripts in /etc/efingerd have a security
weakness. They use $2 (the client IP address or host name) without
On Mon, Sep 23, 2013 at 05:37:47PM +0200,
Radovan Garabik gara...@kassiopeia.juls.savba.sk wrote
a message of 55 lines which said:
The $2 is in quotes, and anyway it is invoked via execl(3), so I
cannot find a way to subvert the script - that is not to say I
do not believe this is a
Package: efingerd
Version: 1.6.2.7+nmu1
Severity: important
Dear Maintainer,
I'm afraid the default scripts in /etc/efingerd have a security
weakness. They use $2 (the client IP address or host name) without
escaping it. Since the efingerd package runs by default *without* the
-n option, $2 will
3 matches