Malcolm Scott discovered a remote-exploitable buffer overflow in the rfc1413 client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3.