On Thu, 16 May 1996, Elliot Lee wrote:
> > [ list of ways to list all the users on a system using fingerd ]
>
> Another vulnerability of many finger daemons is their ability to support
> 'chain' fingers. If they are passed a "username" in the form of
> 'user_at_ahost.net' the finger daemon will repeat the finger, effectively
> hiding the tracks of anyone trying to scope out your system security.
This can also be used for primitive finger attacks (I know you could
easily do much nastier things) like
finger @theirhost.theirnet_at_theirhost.theirnet_at_theirhost.theirnet....
which can be used to spawn off a lot of in.fingerds.
Many Linux distributions, Solaris 2.5, and IRIX 5.3 come with these holes.
Probably a lot of others do too.
------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis_at_inorganic5.fdt.net | But please ask before sending
http://inorganic5.fdt.net | unsolicited huge files.
________Finger jlewis_at_inorganic5.fdt.net for PGP public key_______
Received on May 17 1996
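
A request filter a finger daemon could apply to close the forwarding and user-listing holes discussed in this thread, as an added example that is not part of the original message or of any real fingerd. It assumes the RFC 1288 query grammar, in which each forwarding hop is introduced by "@"; the names parse_query, decide and the policy constants are hypothetical.

```python
# Added example: classify finger request lines (RFC 1288 grammar) before serving.
import re

# Constructed policy values, not taken from any real fingerd.
ALLOW_FORWARDING = False   # refuse "user@host" relay requests
ALLOW_USER_LIST = False    # refuse the empty query that lists logged-in users
MAX_LINE = 256             # hypothetical cap on request length in bytes

_USER_RE = re.compile(r"^[A-Za-z0-9._-]+$")
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")


def parse_query(line: bytes):
    """Split one request line into (verbose, user, hops)."""
    if len(line) > MAX_LINE:
        raise ValueError("request too long")
    text = line.decode("ascii", errors="strict").rstrip("\r\n")
    tokens = text.split()
    verbose = bool(tokens) and tokens[0].upper() == "/W"
    if verbose:
        tokens = tokens[1:]
    if len(tokens) > 1:
        raise ValueError("unexpected extra tokens")
    target = tokens[0] if tokens else ""
    # Everything after the first "@" is a chain of hosts to relay through.
    user, *hops = target.split("@")
    if user and not _USER_RE.match(user):
        raise ValueError("bad user name")
    if any(not _HOST_RE.match(h) for h in hops):
        raise ValueError("bad host in forward chain")
    return verbose, user, hops


def decide(line: bytes) -> str:
    """Return 'serve', 'refuse-forward', 'refuse-list' or 'reject'."""
    try:
        _, user, hops = parse_query(line)
    except ValueError:  # also covers UnicodeDecodeError
        return "reject"
    if hops and not ALLOW_FORWARDING:
        return "refuse-forward"   # a caller can log len(hops) to spot chains
    if not user and not ALLOW_USER_LIST:
        return "refuse-list"
    return "serve"
```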