[7257] in bugtraq
Re: Forwared to me
daemon@ATHENA.MIT.EDU (Toomas Soome)
Tue Jul 14 14:39:47 1998
Date: Mon, 13 Jul 1998 23:42:45 +0300
Reply-To: Toomas Soome <tsoome@UT.EE>
From: Toomas Soome <tsoome@UT.EE>
X-To: "Michael H. Warfield" <mhw@ALCOVE.WITTSEND.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807131546.LAA03184@alcove.wittsend.com>
On Mon, 13 Jul 1998, Michael H. Warfield wrote:
> I would also like to remark about one thing. Solar Designer
> quoted one possible action from the advisory. That one point was a
> suggestion made by my Sun contacts. It was NOT our recommendation as
> the action to be taken. My PERSONAL recommendation is to disable finger
> if at all possible. It provides way too much information about accounts and
actually, finger is only top of ice mountain, what it will do:
setpwent()
while( getpwent() ) {}
endpwent()
nothing more. but, if this is such simple, nothing will prevent users
INSIDE to write this; easy and simple way to block sysadmins while
cleaning trails or whatever. Actually, there are not only password tables
around - there are tables for services, mail aliases etc. After all,
calling NIS functions directly is not such big mystery...
just another way to generate load for server- if there are netgroups used
for some kind of access control - tcpd wrapper, NFS access etc...
so, even if You can survive one type of attack - netgroups are not too big
etc, combining different types may be just enough to bring down system...
toomas soome
Tartu University, Estonia
--
Gee, I feel kind of LIGHT in the head now, knowing I can't make my
satellite dish PAYMENTS!
