[147] in linux-security and linux-alert archive
finger @ bug
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Mon Mar 13 12:17:20 1995
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 13 Mar 1995 14:58:31 +0100 (MEZ)
From: Marek Michalkiewicz <ind43@ci3ux.ci.pwr.wroc.pl>
Reply-To: linux-security@tarsier.cv.nrao.edu
Hi,
in.fingerd has a bug which allows "recursive" fingering. For example:
finger user@host.other.domain@host.domain
The bug is known for quite some time, and is not Linux-specific (it exists
at least in SunOS, Solaris, SCO, IRIX, FreeBSD - but has been fixed in HP-UX
for example). It has some security implications: if you only allow finger
access from local domain, you must do this on all machines in local domain.
and it makes denial of service attack possible, especially on smaller Linux
boxes (by forking lots of processes).
I have sent a patch for this to Florian. You can get fixed in.fingerd
source from ftp://ftp.ists.pwr.wroc.pl/pub/linux/bugfixes/fingerd.tar.gz
or wait for a new NetKit-B release.
BTW, linux.nrao.edu has this problem too...
Regards,
--
Marek Michalkiewicz
marekm@i17linuxa.ists.pwr.wroc.pl || ind43@ci3ux.ci.pwr.wroc.pl
