[2555] in bugtraq
Re: fingerd problems
daemon@ATHENA.MIT.EDU (Robert A. Pickering Jr.)
Fri May 17 15:13:16 1996
Date: Fri, 17 May 1996 14:08:02 -0400
Reply-To: "Robert A. Pickering Jr." <pickerin@fuse.net>
From: "Robert A. Pickering Jr." <pickerin@fuse.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.91.960517023929.69A-100000@devnull.saturn.net>
On Fri, 17 May 1996, Brian Mitchell wrote:
> Some www servers also include the 'finger' cgi program, which can be used
> in much the same way, ie:
>
> lynx http://www.cgis.net/cgi-bin/finger\?user@host
>
> Brian Mitchell brian@saturn.net
>
> "I never give them hell. I just tell the truth and they think it's hell"
> - H. Truman
>
Additionally, this a method often used to get past a firewall
configuration where the WWW server is a "trusted host" but the
user on the Internet is not.
We've removed all the "standard" cgi-bin programs from all our hosted
websites for this very reason.
--
Robert A. Pickering Jr. Internet Services Manager
Cincinnati Bell Telephone pickerin@fuse.net
A Rough Whimper of Insanity (Information Superhighway)
PGP key ID: 75CAFF7D 1995/05/09
PGP Fingerprint: B1 63 0C 09 D8 2E 5D 69 BB 61 A2 92 22 37 63 C3
