Bugtraq: SunOS 4.1.4 fingerd

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

SunOS 4.1.4 fingerd

From: andy () bigdog fred net (Andy Dills)
Date: Thu, 16 May 1996 15:29:50 -0400


Just messing around I picked up a couple "logic flaws" with sun 4.1.4
fingerd. This may happen on 4.1.X, but I haven't tested, and I am not
motivated enough to check :>

I know I have seen it written up someplace about the flaw when
finger 0 () XXX com is done. (It shows a finger output on every user, which
as we know, can be a very useful tool to those with bad intentions)

Thus, we just added a user 0 (zero). Problem fixed.

Anyway, I have found that fingering . () XXX com also yeilds the same result.

I am willing to bet that many know of this, but I thought I would go
ahead and throw it out there for those who haven't heard about these...

Andy


              -----/'[/'[/'[Andy Dills]'\]'\]'\-----
 "Founding member of the Frednet.Support"   Phear the big BEAVIS!
"_THIS_ is my BOOM stick!!!!"  --   That Guy from Army of Darkness
 Work:andy () fred net---------->(BOFH)<--------Play:andy () beavis net
                          NO MORE GAMES!!

By Date By Thread

Current thread:

BoS: SECURITY BUG in FreeBSD, (continued)
- Re: TCP SYN probe detection tool available redeye () compulink gr (May 15)
  - Re: TCP SYN probe detection tool available Casper Dik (May 16)
    - SunOS 4.1.4 fingerd Andy Dills (May 16)
    - Re: SunOS 4.1.4 fingerd Dave Dittrich (May 16)
    - Re: fingerd problems Elliot Lee (May 16)
    - Re: fingerd problems Jon Lewis (May 16)
    - Re: fingerd problems Brian Mitchell (May 16)
    - Re: fingerd problems Robert A. Pickering Jr. (May 17)