Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SunOS 4.1.4 fingerd
From: patrick () chloe dmv com (Patrick Ferguson)
Date: Mon, 20 May 1996 19:22:57 -0400

On Thu May 16 21:37:38 1996 Ed Arnold wrote:
andy () fred net said:

Just messing around I picked up a couple "logic flaws" with sun 4.1.4
fingerd. This may happen on 4.1.X, but I haven't tested, and I am not
motivated enough to check :>

I know I have seen it written up someplace about the flaw when
finger 0 () XXX com is done. (It shows a finger output on every user, which
as we know, can be a very useful tool to those with bad intentions)

Thus, we just added a user 0 (zero). Problem fixed.

Anyway, I have found that fingering . () XXX com also yeilds the same result.

just fyi, in case you hadn't tried it ... tcpd does a nice job of
stopping this nonsense.

We use tcpd (tcp-wrappers) to block outside finger connections on a machine, but I
tested it by going to a machine that didn't have wrappers installed and was able to
use the above concatenation (user () hidden@free.machine) to look at the users online.
So I still have to modify the source for the fingers on any machine that won't run
wrappers (like IRIX).

Patrick Ferguson - Systems Administrator                      patrick () dmv com
DelMarVa OnLine! - Salisbury, MD

Version: 2.6.2


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]