[2561] in bugtraq
Re: SunOS 4.1.4 fingerd
daemon@ATHENA.MIT.EDU (Patrick Ferguson)
Mon May 20 22:27:22 1996
Date: Mon, 20 May 1996 19:22:57 -0400
Reply-To: patrick@chloe.dmv.com
From: Patrick Ferguson <patrick@chloe.dmv.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199605162100.PAA00694@niwot.scd.ucar.EDU>
On Thu May 16 21:37:38 1996 Ed Arnold wrote:
>>andy@fred.net said:
>
>> Just messing around I picked up a couple "logic flaws" with sun 4.1.4
>> fingerd. This may happen on 4.1.X, but I haven't tested, and I am not
>> motivated enough to check :>
>>
>> I know I have seen it written up someplace about the flaw when
>> finger 0@XXX.com is done. (It shows a finger output on every user, which
>> as we know, can be a very useful tool to those with bad intentions)
>>
>> Thus, we just added a user 0 (zero). Problem fixed.
>>
>> Anyway, I have found that fingering .@XXX.com also yeilds the same result.
>
>just fyi, in case you hadn't tried it ... tcpd does a nice job of
>stopping this nonsense.
We use tcpd (tcp-wrappers) to block outside finger connections on a machine, but I
tested it by going to a machine that didn't have wrappers installed and was able to
use the above concatenation (user@hidden@free.machine) to look at the users online.
So I still have to modify the source for the fingers on any machine that won't run
wrappers (like IRIX).
------------------------------------------------------------------------------
Patrick Ferguson - Systems Administrator patrick@dmv.com
DelMarVa OnLine! - Salisbury, MD
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQBNAzGBrOQAAAECALpR8GMUAXnKbr9LeXVv18Q8y/n1NM1+YS8ffP/5HvM0gyso
F1T9+gcGvb3L2nFwj+wnig0UQY93vXqhXPoFN4UABRG0IlBhdHJpY2sgRmVyZ3Vz
b24gPHBhdHJpY2tAZG12LmNvbT4=
=AgnQ
-----END PGP PUBLIC KEY BLOCK-----
