VULHUB ™

fingerd is a remote user information server that implements the protocol defined in RFC742. There exists a buffer overflow in finderd that allows a remote attacker to execute any local binaries. finderd reads input from its socket using the gets() standard C library call passing it a 512-byte automatic buffer allocated in main(). gets() reads the input and stores it into the buffer without performing any bounds checking. This results in a standard stack buffer overflow when main() return. The Internet Worm exploited this vulnerability.

fingerd is a remote user information server that implements the protocol defined in RFC742. There exists a buffer overflow in finderd that allows a remote attacker to execute any local binaries. finderd reads input from its socket using the gets() standard C library call passing it a 512-byte automatic buffer allocated in main(). gets() reads the input and stores it into the buffer without performing any bounds checking. This results in a standard stack buffer overflow when main() return. The Internet Worm exploited this vulnerability.