Bugtraq: Re: SunOS 4.1.4 fingerd

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SunOS 4.1.4 fingerd

From: scoleman () sewp nasa gov (Steve Coleman - SEWP)
Date: Fri, 17 May 1996 12:08:01 -0400


Excerpts from what Niko Makila said:

 |But, actually I recall that this was originally a feature: you could
 |finger people by their room number (or was that phone?), too.  Seeing
 |that this probably never worked except in Berkeley, it's amazing that
 |that piece of code was never removed.  Oh well, maybe it isn't that
 |amazing after all...
 |
 |        //niko

I believe that the feature was to scan the login name field and if a match
was not found to scan the gecos field for any partial information it could
match on.  Is it possible that the '.' and '@' are just forms of a regular
expression or wildcard matching?  If so then how many other wildcards are
there to grep the password file?

Steve Coleman          -- scoleman () sewp nasa gov
vox: 301.286.7636         fax: 301.286.1619

By Date By Thread

Current thread:

Re: fingerd problems, (continued)