RE: Secure Finger Daemon
Hi,
well I can't provide any infos about these finger daemons, as I am not using
any finger services at all during the past years. I stopped using this
service, when one of my box was hacked using an exploit in the fingerd. Then I
asked myself for what reason I am running finger service at all and didn't
come up with a useful reason for doing it. So, I would suggest that you
rethink if you really need this service and then I would think about
implementations.
I would suggest to forget it and don't use it.
Best regards,
Oli
> -----Original Message-----
> From: eim [mailto:eim@eimbox.org]
> Sent: Saturday, January 05, 2002 7:09 PM
> To: Debian-Security List
> Subject: Secure Finger Daemon
>
>
> Hello,
>
> I'm planing to install a secure finger daemon
> on one of the public boxes I admin.
>
> Well, out there are really many different finger
> daemons and in the Debian stable tree I can find:
>
> * efingerd - Another finger daemon for unix
> capable of fine-tuning your output.
> * xfingerd - BSD-like finger daemon with qmail support.
> * ffingerd - A secure finger daemon
> * fingerd - Remote user information server.
> * cfingerd - Configurable and secure finger daemon
>
> So I've considered using fingered which should be secure.
>
> Often I hear and read about exploited finger daemons which
> gave the attacker system access so I'm asking on this list
> help about the F Daemon.
>
> Which Finger daemon is *really* secure ?
> Shouldn't I install this service at all ?
> Any experiences about compromised systems ?
>
> Thanks for any help !
> Have a nice time,
> - Ivo
>
> --
>
> »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
> Ivo Marino eim@eimbox.org
> UN*X Developer, running Debian GNU/Linux
> irc.OpenProjects.net #debian
> http://eimbox.org
> »« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: