[2547] in bugtraq
Re: fingerd problems
daemon@ATHENA.MIT.EDU (Jon Lewis)
Fri May 17 01:21:55 1996
Date: Fri, 17 May 1996 00:16:22 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.LNX.3.91.960516165951.28231E-100000@dilbert.redhat.com>
On Thu, 16 May 1996, Elliot Lee wrote:
> > [ list of ways to list all the users on a system using fingerd ]
>
> Another vulnerability of many finger daemons is their ability to support
> 'chain' fingers. If they are passed a "username" in the form of
> 'user@ahost.net' the finger daemon will repeat the finger, effectively
> hiding the tracks of anyone trying to scope out your system security.

This can also be used for primitive finger attacks (I know you could
easily do much nastier things) like

finger @theirhost.theirnet@theirhost.theirnet@theirhost.theirnet....

which can be used to spawn off a lot of in.fingerds.

Many Linux distributions, Solaris 2.5, and IRIX 5.3 come with these holes.
Probably a lot of others do too.

------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis@inorganic5.fdt.net | But please ask before sending
http://inorganic5.fdt.net | unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
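
The chained "user@host" requests discussed in this thread can be refused before the daemon does any lookup or spawns anything. The following is an added example, not part of the original post and not code from any real fingerd: the names `fq_classify` and `fq_should_serve`, the 256-byte line cap, and the `.example` hosts in the constructed sample requests are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request filter for a finger daemon (illustration only). */
enum fq_verdict { FQ_LOCAL, FQ_FORWARD, FQ_MALFORMED };

#define FQ_MAX_LINE 256   /* assumed cap on one request line */

/* Classify one request line as read from the socket.
 * *hops receives the number of '@' relay hops seen so far. */
enum fq_verdict fq_classify(const char *line, int *hops)
{
    size_t len = strlen(line);
    size_t i;

    *hops = 0;
    /* Drop the trailing CRLF (or bare LF) that ends a request. */
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;
    if (len > FQ_MAX_LINE)
        return FQ_MALFORMED;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c < 0x20 || c > 0x7e)      /* control or non-ASCII byte */
            return FQ_MALFORMED;
        if (c == '@')                  /* each '@' asks for one more relay */
            (*hops)++;
    }
    return *hops > 0 ? FQ_FORWARD : FQ_LOCAL;
}

/* Policy: answer local queries only; refuse anything that asks to relay. */
int fq_should_serve(const char *line)
{
    int hops;
    return fq_classify(line, &hops) == FQ_LOCAL;
}

int main(void)
{
    /* Constructed sample requests. */
    static const char *samples[] = {
        "\r\n", "jlewis\r\n", "/W jlewis\r\n",
        "user@ahost.example\r\n", "@a.example@b.example@c.example\r\n",
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int hops;
        enum fq_verdict v = fq_classify(samples[i], &hops);
        printf("verdict=%d hops=%d serve=%d\n", v, hops, v == FQ_LOCAL);
    }
    return 0;
}
```

Logging the peer address together with the hop count on every refused request keeps a record of who asked for the relay.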