Bugtraq mailing list archives

Re: finger-bombing
From: chowes () helix net (Charles Howes)
Date: Fri, 14 Oct 1994 00:49:47 -0700 (PDT)


On Thu, 13 Oct 1994, Scott Chasin wrote:

There is a serious bug in the Ultrix OS which allows a remote finger
request to dump all known user finger profiles back out to the
requestor (this has been known for quite some time).

Example: finger @@some.ultrix.host.com

This would dump all system known users.  The first '@' is translated to
a NULL and fools fingerd into dumping everything.

--

The same hack in a different fashion on SunOS 4.1.x will give random users'
profiles (at least from what I have seen.. At one time I thought not).

Example: finger 23234123123123123@some.sunos.host.com

The rather large number has a strange effect on fingerd -- I haven't looked
close enough to see what.

--Scott
chasin () crimelab com

Try 'finger 0@some.sunos.host.com'.

There's code in finger to determine which building a person is in, and
they're numbered.  Berkeley buildings, I think.

It was in the comp.sys.bugs.bsd (or some permutation thereof) a while
back.  (I couldn't *get* any more vague, sorry.)

ObBug: Ooops, just used it.
--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971   


