Bugtraq mailing list archives

Re: fingerd
From: jrauch () SECURITYFOCUS COM (Jeremy Rauch)
Date: Thu, 27 Apr 2000 15:35:06 -0700


On Thu, Apr 27, 2000 at 02:06:06PM +0300, Psarras Nikos wrote:
> I am new on the list so I don't know if you knew that.
>
> On Irix 6.4 with all patches installed the fingerd seems to like to
> display the shadow file to all users.
>
> ln -s /etc/shadow /path/user/.plan
> finger user@irix64 show shadow
>
>
> This feature was found by a student -Zanikolas Serafim- while he was
> reading a 9-year-old system administrator's book.

I find this very very hard to believe.  6.5 and 6.2 are not vulnerable.
Both run fingerd as 'guest'

finger  stream  tcp     nowait  guest   /usr/etc/fingerd        fingerd

making it impossible for finger to return the shadow.  Unless someone
at SGI went and changed fingerd to run as root for the 6.4 release, and
fixed it for 6.5, something is amiss here.  6.4 isn't a release I've been
able to find someone running, however...
Have you checked the permissions on /etc/shadow?
-Jeremy
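
The two things the reply above checks, the account fingerd runs under in inetd.conf and the permissions on /etc/shadow, can be audited with a short script. This is an added example, not part of the original message: the function names are hypothetical, the demo files are constructed, and the readability test looks only at the "other" read bit, not at group membership or ACLs.

```shell
#!/bin/sh
# Added example: audit the conditions under which fingerd could disclose
# a file reached through a ~/.plan symlink.

# Print the account from the active "finger" entry of an inetd.conf-style
# file (5th field). Commented-out entries have a first field starting with
# "#", so they never match. A "user.group" or "user:group" suffix is dropped.
fingerd_user() {
    awk '$1 == "finger" { u = $5; sub(/[.:].*/, "", u); print u; exit }' "$1"
}

# Succeed if "other" has read permission on the file (8th character of the
# mode string printed by ls, e.g. -rw-r--r--).
world_readable() {
    perms=$(ls -ld "$1" | awk '{ print $1 }')
    [ "$(printf '%s' "$perms" | cut -c8)" = "r" ]
}

# audit_fingerd <inetd.conf> <shadow file>
# Returns 0 when fingerd cannot read the shadow file, 1 when it can.
audit_fingerd() {
    user=$(fingerd_user "$1")
    if [ -z "$user" ]; then
        echo "OK: no active finger entry in $1"
        return 0
    fi
    if [ "$user" = "root" ]; then
        echo "RISK: fingerd runs as root and can read $2 through a .plan symlink"
        return 1
    fi
    if world_readable "$2"; then
        echo "RISK: $2 is world-readable, so fingerd running as '$user' can read it"
        return 1
    fi
    echo "OK: fingerd runs as '$user' and $2 is not world-readable"
    return 0
}

# Demo on constructed files; the inetd.conf line is the one quoted in the reply.
tmp=$(mktemp -d)
printf 'finger  stream  tcp     nowait  guest   /usr/etc/fingerd        fingerd\n' > "$tmp/inetd.conf"
: > "$tmp/shadow"
chmod 600 "$tmp/shadow"
audit_fingerd "$tmp/inetd.conf" "$tmp/shadow" || true
rm -rf "$tmp"
```

On a real host the arguments would be the system's own inetd.conf and /etc/shadow.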

