[4560] in bugtraq
cfingerd vulnerability
daemon@ATHENA.MIT.EDU (Rodrigo Barbosa)
Sat May 24 13:38:22 1997
Date: Fri, 23 May 1997 22:45:04 -0300
Reply-To: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR>
From: Rodrigo Barbosa <rodrigob@MORCEGO.LINKWAY.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
Hello,
I don't know if it has been noticed before, but cfingerd installs,
by default, a search service. You can use it as:
finger search.username@host
That's OK, but you can use keymasks. And if you do:
finger search.*@host
you can get a list of all the users in the system.
I've tried it in cfinger 1.2.2 (probably it is not the latest version).
--
Rodrigo Barbosa (Personal e-mail: rodrigob@darkover.org )
Network Administrator (Work e-mail : rodrigob@morcego.linkway.com.br )
PGP Key,HomePage address etc: finger rodrigob@morcego.linkway.com.br
PGP Fingerprint: [ D9 15 02 9E 72 32 5A 0A AC F0 DA 11 6A 4C A3 12 ]
--> Except where explicitly stated I speak on my own behalf. <--
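
Added example (not part of the original post, and not cfingerd code): a Python check a defender could run over captured finger request lines (TCP port 79) to flag search-service queries that carry a wildcard mask like the one described above. Only the "search." prefix and the "*" mask come from the post; the function names and sample requests are constructed for illustration.

```python
# Classify raw finger (RFC 1288) request lines and flag search-service
# queries that use a wildcard keymask.
# From the post: the "search." prefix and the "*" mask.
# Assumptions: function names, category labels and the sample requests.

WILDCARDS = "*"            # mask character shown in the post; extend if needed
SEARCH_PREFIX = "search."  # search service prefix shown in the post


def parse_finger_request(raw: bytes) -> dict:
    """Split one request line into verbose flag, user part and forward hosts."""
    line = raw.decode("latin-1").rstrip("\r\n").strip()
    tokens = line.split()
    verbose = False
    if tokens and tokens[0].upper() == "/W":   # RFC 1288 verbose switch
        verbose = True
        tokens = tokens[1:]
    target = tokens[0] if tokens else ""
    user, _, hosts = target.partition("@")
    return {"verbose": verbose, "user": user,
            "forward": hosts.split("@") if hosts else []}


def classify(raw: bytes) -> str:
    """Return 'list-all', 'search', 'search-wildcard' or 'user'."""
    user = parse_finger_request(raw)["user"]
    if not user:
        return "list-all"             # empty query asks for the user list
    if user.lower().startswith(SEARCH_PREFIX):
        term = user[len(SEARCH_PREFIX):]
        if any(c in WILDCARDS for c in term):
            return "search-wildcard"  # the enumeration case from the post
        return "search"
    return "user"


# Constructed request lines, as a finger client would send them.
SAMPLES = [b"rodrigob\r\n", b"search.rodrigob\r\n", b"search.*\r\n",
           b"/W search.r*\r\n", b"\r\n"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", classify(s))
```
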