Bugtraq mailing list archives

Re: SunOS 4.1.4 fingerd

From: dittrich () cac washington edu (Dave Dittrich)
Date: Thu, 16 May 1996 13:04:07 -0700


On Thu, 16 May 1996, Andy Dills wrote:

I know I have seen it written up someplace about the flaw when
finger 0 () XXX com is done. (It shows a finger output on every user, which
as we know, can be a very useful tool to those with bad intentions)
...
Anyway, I have found that fingering .@XXX.com also yeilds the same result.


The trick, as I learned it, was to use @@XXX.com on Ultrix systems.
After a quick test, I notice that single letters and "." don't work on
Ultrix, but any digit or "@" does.  Go figure.  Probably some Berkeley
student had a hangover the day they coded finger?

Thus, we just added a user 0 (zero). Problem fixed.


Looks like you'll have to add a few more users! ;)

--
Dave Dittrich                  Client Services, Computing & Communications
dittrich () cac washington edu    University of Washington

<a href="http://www.washington.edu/People/dad/";>
Dave Dittrich / dittrich () cac washington edu</a>

Current thread:

TCP SYN probe detection tool available Doug Hughes (May 14)
- Re: TCP SYN probe detection tool available Brian Mitchell (May 15)
  - information on syslog bug wanted ALEXANDER SCHUETZ (May 17)
  - BoS: SECURITY BUG in FreeBSD Krzysztof Labanowski (May 17)
    - Re: BoS: SECURITY BUG in FreeBSD Dan Cross (May 17)
    - Re: BoS: SECURITY BUG in FreeBSD Steve Reid (May 17)
- <Possible follow-ups>
- Re: TCP SYN probe detection tool available redeye () compulink gr (May 15)
  - Re: TCP SYN probe detection tool available Casper Dik (May 16)
    - SunOS 4.1.4 fingerd Andy Dills (May 16)
    - Re: SunOS 4.1.4 fingerd Dave Dittrich (May 16)
    - Re: fingerd problems Elliot Lee (May 16)
    - Re: fingerd problems Jon Lewis (May 16)
    - Re: fingerd problems Brian Mitchell (May 16)
    - Re: fingerd problems Robert A. Pickering Jr. (May 17)
    - Re: SunOS 4.1.4 fingerd Kevin at Paranoia (May 16)
    - Re: SunOS 4.1.4 fingerd Christopher X. Candreva (May 16)
    - Re: SunOS 4.1.4 fingerd Niko Makila (May 16)
    - Re: SunOS 4.1.4 fingerd Steve Coleman - SEWP (May 17)
    - Re: SunOS 4.1.4 fingerd bitblt () bitblt resnet cornell edu (May 17)
    - Re: SunOS 4.1.4 fingerd Yiorgos Adamopoulos (May 17)

(Thread continues...)