[2544] in bugtraq


Re: fingerd problems

daemon@ATHENA.MIT.EDU (Elliot Lee)
Thu May 16 18:02:02 1996

Date:         Thu, 16 May 1996 17:04:43 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Elliot Lee <sopwith@dilbert.redhat.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <Pine.ULT.3.93.960516125512.21116Q-100000@red4.cac.washington.edu>

> [ list of ways to list all the users on a system using fingerd ]

Another vulnerability of many finger daemons is their ability to support
'chain' fingers. If they are passed a "username" in the form of
'user@ahost.net' the finger daemon will repeat the finger, effectively
hiding the tracks of anyone trying to scope out your system security.

For a demonstration, 'telnet prep.ai.mit.edu 79' and type
'[yourname]@[yourhost]'. If you have TCP wrappers installed, you will
notice that the finger connection comes from prep.ai.mit.edu, not [yourhost].

Elliot Lee
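
A defensive sketch of the behaviour described in this message, added here and not part of the original post or of any finger daemon's code: it classifies one finger request line and refuses the 'user@host' forwarding form instead of relaying it, recording the address of the real peer. The function names, the `lookup` callback, the refusal text, the user-name pattern and the sample addresses are assumptions made for the example.

```python
import re

REFUSAL = "Finger forwarding service denied\r\n"   # wording chosen for this example
INVALID = "Invalid request\r\n"
# Conservative account-name pattern (assumption; adjust to local naming rules).
_USER = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def parse_request(line: bytes):
    """Classify one request line as (kind, verbose, user, hops).

    kind is 'list' (empty query), 'user', 'forward' or 'invalid';
    hops is the host chain of a 'user@host1@host2' forwarding request.
    """
    try:
        text = line.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return ("invalid", False, None, [])
    if len(text) > 256:
        return ("invalid", False, None, [])
    tokens = text.split()
    verbose = bool(tokens) and tokens[0].upper() == "/W"
    if verbose:
        tokens = tokens[1:]
    if not tokens:
        return ("list", verbose, None, [])
    if len(tokens) > 1:
        return ("invalid", verbose, None, [])
    target = tokens[0]
    if "@" in target:                       # any '@' means "finger on my behalf"
        user, *hops = target.split("@")
        return ("forward", verbose, user or None, hops)
    if not _USER.match(target):
        return ("invalid", verbose, None, [])
    return ("user", verbose, target, [])


def handle(line: bytes, peer: str, lookup, audit: list) -> str:
    """Answer local queries via lookup(); never open an outbound connection."""
    kind, verbose, user, hops = parse_request(line)
    if kind == "forward":
        # Record who asked, so the attempt is attributable at this hop.
        audit.append((peer, "forward-refused", f"{user or ''}@{'@'.join(hops)}"))
        return REFUSAL
    if kind == "invalid":
        audit.append((peer, "invalid", ""))
        return INVALID
    return lookup(user, verbose)            # user is None for a 'list' query
```

Because the forwarding form is refused before any lookup, the only connection a remote host ever sees from this machine's finger service is none at all, and the audit entry carries the original client's address rather than a relay's.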
