[2556] in bugtraq
Re: SunOS 4.1.4 fingerd
daemon@ATHENA.MIT.EDU (Taner Halicioglu)
Fri May 17 15:20:15 1996
Date: Fri, 17 May 1996 09:56:21 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Taner Halicioglu <taner@sdsc.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.ULT.3.93.960516125512.21116Q-100000@red4.cac.washington.edu>
On Thu, 16 May 1996, Dave Dittrich wrote:
> The trick, as I learned it, was to use @@XXX.com on Ultrix systems.
> After a quick test, I notice that single letters and "." don't work on
> Ultrix, but any digit or "@" does. Go figure. Probably some Berkeley
> student had a hangover the day they coded finger?

Well, the normal finger program will finger @localhost if you specify
simply:

    finger @

so when you do, for example:

    finger @@foo.bar.com

foo.bar.com will receive the finger with the data "@" and then proceed to
finger itself (localhost). A simple denial of service attack is to do:

    finger @@@@@@@@@@@@@@@@@@[...]@@@foo.bar.com

You can imagine what this will cause... :-) A trivial fix is to look for
an '@' sign in the sent string (in in.fingerd) and deny the finger.

-Taner
-------------------------=[ D. Taner Halicioglu ]=----------------------------
taner@sdsc.edu The San Diego Supercomputer Center, Workstation Services
taner@ucsd.edu U. of California, San Diego - Revelle - Computer Sci.
IRC Admin for irc.sdsc.edu/irc.ucsd.edu/irc.cerf.net
taner@mecca.epri.com EPRI - 3412 Hillview Ave, Palo Alto, CA
-------------=[ Linux 1.3.* OS - http://www.sdsc.edu/~taner/ ]=---------------
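
The fix suggested in the message above (refuse any request containing '@' inside in.fingerd), sketched as an added example; it is not part of the original post and not code from any vendor's in.fingerd. The function name, the verdict enum, and the 256-byte length cap are assumptions made for illustration, and the request lines in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FINGER_MAX_REQ 256  /* assumed request-length cap, not from the post */

enum finger_verdict { FINGER_OK, FINGER_DENY_FORWARD, FINGER_DENY_MALFORMED };

static int is_blank(char c) { return c == ' ' || c == '\t'; }

/* Check one request line as read from the socket. On FINGER_OK, user holds
 * the local user name; an empty string means "list logged-in users". */
enum finger_verdict finger_check_request(const char *line, char *user, size_t userlen)
{
    size_t len = strcspn(line, "\r\n");   /* the request ends at CR or LF */
    const char *p = line, *end = line + len, *q;

    if (len >= FINGER_MAX_REQ)
        return FINGER_DENY_MALFORMED;
    /* The fix from the post: any '@' would make this host relay the query,
     * so refuse before parsing anything else. */
    if (memchr(line, '@', len) != NULL)
        return FINGER_DENY_FORWARD;

    while (p < end && is_blank(*p)) p++;
    if (end - p >= 2 && p[0] == '/' && (p[1] == 'W' || p[1] == 'w')) {
        p += 2;                           /* optional verbose switch */
        if (p < end && !is_blank(*p))
            return FINGER_DENY_MALFORMED;
        while (p < end && is_blank(*p)) p++;
    }
    while (end > p && is_blank(end[-1])) end--;

    for (q = p; q < end; q++)             /* printable, non-space ASCII only */
        if (*q <= ' ' || *q > '~')
            return FINGER_DENY_MALFORMED;
    if ((size_t)(end - p) >= userlen)
        return FINGER_DENY_MALFORMED;
    memcpy(user, p, (size_t)(end - p));
    user[end - p] = '\0';
    return FINGER_OK;
}

int main(void)
{
    /* Constructed request lines, as a client would send them. */
    const char *reqs[] = { "taner\r\n", "/W taner\r\n", "@\r\n", "@@@@foo.example\r\n" };
    char user[64];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%d\n", finger_check_request(reqs[i], user, sizeof user));
    return 0;
}
```

The '@' check runs before any other parsing, so a forwarding request is refused regardless of what else the line contains.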