Bugtraq: Re: fingerd

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: fingerd

From: bsides () TOWERY COM (Brock Sides)
Date: Thu, 27 Apr 2000 14:13:55 -0500


I have attempted to confirm this, and failed, for Irix 6.3, 6.4, and
6.5.7m. In all cases, if the .plan file is symlinked to /etc/shadow, a
remote finger, or a local finger by any user other than root, returns "No
Plan."

Based on a little experimentation, it appears that Irix fingerd drops
privileges to those of "guest" before reading .plan files.

--
Brock Sides
Unix Systems Administration
Towery Publishing
bsides () towery com

On Thu, 27 Apr 2000, Psarras Nikos wrote:

I am new on the list so i dont know if you knew that.

On Irix 6.4 with all patches installed the fingerd seems to like to
display the shadow file to all users.

ln -s /etc/shadow /path/user/.plan
finger user () irix64 show shadow



This feature was found by a student -Zanikolas Serafim- while he was
reading a 9 years old system administrator's book.

Psarras Nicholas

By Date By Thread

Current thread:

piranha default password/exploit, (continued)
- piranha default password/exploit Max Vision (Apr 24)
  - Re: piranha default password/exploit Cristian Gafton (Apr 25)
  - Re: piranha default password/exploit CDI (Apr 25)
    - Re: piranha default password/exploit Matt Wilson (Apr 26)
    - fingerd Psarras Nikos (Apr 27)
    - Re: fingerd Brock Sides (Apr 27)
    - Re: fingerd Jeremy Rauch (Apr 27)
    - Cartfix Secret Backdoor Patch tool for cart32 Weld Pond (Apr 27)
- ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Aleph One (Apr 25)
  - Re: ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Cristian Gafton (Apr 25)