[2540] in bugtraq


SunOS 4.1.4 fingerd

daemon@ATHENA.MIT.EDU (Andy Dills)
Thu May 16 15:53:37 1996

Date:         Thu, 16 May 1996 15:29:50 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Andy Dills <andy@bigdog.fred.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <9605161103.AA15517@albano>

Just messing around I picked up a couple "logic flaws" with sun 4.1.4
fingerd. This may happen on 4.1.X, but I haven't tested, and I am not
motivated enough to check :>

I know I have seen it written up someplace about the flaw when
finger 0@XXX.com is done. (It shows a finger output on every user, which
as we know, can be a very useful tool to those with bad intentions)

Thus, we just added a user 0 (zero). Problem fixed.

Anyway, I have found that fingering .@XXX.com also yields the same result.

I am willing to bet that many know of this, but I thought I would go
ahead and throw it out there for those who haven't heard about these...

Andy


              -----/'[/'[/'[Andy Dills]'\]'\]'\-----
 "Founding member of the Frednet.Support"   Phear the big BEAVIS!
"_THIS_ is my BOOM stick!!!!"  --   That Guy from Army of Darkness
 Work:andy@fred.net---------->(BOFH)<--------Play:andy@beavis.net
                          NO MORE GAMES!!
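
Added example, not part of the original post and not SunOS code: a request-line check that a wrapper in front of fingerd could apply so that the "0" and "." queries described above, and the empty list-everyone query, are refused before they reach the daemon. The function name, the 64-byte cap and the rule that account names start with a letter are assumptions (a site that really created a user "0" would need a different rule).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_QUERY 64 /* assumed cap on one request line */

/* Hypothetical helper: returns 1 if the request line names exactly one
 * plausible local account, 0 otherwise. */
int finger_query_allowed(const char *line)
{
    char buf[MAX_QUERY];
    size_t n = strcspn(line, "\r\n"); /* request ends at CRLF */
    const char *q = buf;

    if (n >= sizeof buf)
        return 0; /* oversized request */
    memcpy(buf, line, n);
    buf[n] = '\0';
    while (*q == ' ' || *q == '\t')
        q++;
    /* RFC 1288 allows an optional "/W" token before the name. */
    if (q[0] == '/' && toupper((unsigned char)q[1]) == 'W' &&
        (q[2] == ' ' || q[2] == '\0')) {
        q += 2;
        while (*q == ' ')
            q++;
    }
    if (*q == '\0')
        return 0; /* empty query asks for a user listing */
    if (strchr(q, '@') != NULL)
        return 0; /* no forwarding to other hosts */
    if (!isalpha((unsigned char)*q))
        return 0; /* rejects the "0" and "." queries from the post */
    for (q++; *q != '\0'; q++)
        if (!isalnum((unsigned char)*q) && *q != '_' && *q != '-')
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample request lines. */
    const char *samples[] = { "andy\r\n", "0\r\n", ".\r\n", "\r\n", "/W andy\r\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d\n", finger_query_allowed(samples[i]));
    return 0;
}
```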
