Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SunOS 4.1.4 fingerd
From: scoleman () sewp nasa gov (Steve Coleman - SEWP)
Date: Fri, 17 May 1996 12:08:01 -0400

Excerpts from what Niko Makila said:

 |But, actually I recall that this was originally a feature: you could
 |finger people by their room number (or was that phone?), too.  Seeing
 |that this probably never worked except in Berkeley, it's amazing that
 |that piece of code was never removed.  Oh well, maybe it isn't that
 |amazing after all...
 |        //niko

I believe that the feature was to scan the login name field and if a match
was not found to scan the gecos field for any partial information it could
match on.  Is it possible that the '.' and '@' are just forms of a regular
expression or wildcard matching?  If so then how many other wildcards are
there to grep the password file?

Steve Coleman          -- scoleman () sewp nasa gov
vox: 301.286.7636         fax: 301.286.1619

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]