Bugtraq mailing list archives
Breaking Finger in AIX 4.2
From: axon2017 () STUDENTS JOHNCO CC KS US (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa)
Date: Tue, 20 Oct 1998 09:32:50 -0500
I just found this out yesterday, and I don't think it's been in the
postings before, but on AIX (I tested this on 4.2) if one's gecos field
is set to more than 99 characters, Finger starts acting really strange.
First off, it acts normal when you finger the whole host (to see who is
on) or if you finger the user with the long gecos. When you do this,
it spews out all of its info into the "In Real Life:" part. It doesn't
truncate the gecos info. I've gotten finger to scroll through a few
pages of gecos, but 100 characters is all it takes to affect the rest.
When a user fingers any other user, existent or not, finger dumps core.
chfn (the command used to edit one's gecos info) will allow me to plop
over 100 LINES of information into it. It eventually locks up, and I
have no way to get out of it (short of opening another connection and
killing chfn or just closing the connection).
The core files generated by finger look pretty harmless. I don't know a
lot about exploits, but I'm thinking this might mean bad things for
people who allow remote finger connections.
.-= axon2017 () students jccc net =-.
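
An audit check built on the threshold reported above, added here as an example and not part of the original post: it lists accounts in a passwd-format file whose GECOS field is longer than 99 characters. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# long_gecos [FILE|-] [LIMIT]
# Prints "user<TAB>length" for every passwd-format entry whose GECOS
# (5th field) is longer than LIMIT bytes. LIMIT defaults to 99, the
# figure given in the post. Returns 0 if no entry exceeds the limit,
# 1 if at least one does, 2 if FILE cannot be read.
long_gecos() {
    file=${1:-/etc/passwd}
    limit=${2:-99}
    [ "$file" = "-" ] || [ -r "$file" ] || {
        echo "long_gecos: cannot read $file" >&2
        return 2
    }
    # LC_ALL=C makes length() count bytes rather than multibyte characters.
    LC_ALL=C awk -F: -v limit="$limit" '
        /^#/ || NF < 7 { next }   # skip comments and malformed entries
        length($5) > limit {
            printf "%s\t%d\n", $1, length($5)
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$file"
}

# Constructed sample input: one ordinary entry, one entry with a
# 100-byte GECOS, a comment line and a malformed line.
sample_passwd() {
    long=$(printf '%0100d' 0 | tr 0 A)
    printf 'root:!:0:0:System Administrator:/:/usr/bin/ksh\n'
    printf 'alice:!:201:1:%s:/home/alice:/usr/bin/ksh\n' "$long"
    printf '# constructed comment line\n'
    printf 'broken:entry\n'
}
```

Run `sample_passwd | long_gecos -` to see the flagged entry, or `long_gecos /etc/passwd` on a live host; the non-zero exit status on a finding makes it usable from a scheduled job.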
