Bugtraq mailing list archives

Re: SunOS 4.1.4 fingerd

From: taner () sdsc edu (Taner Halicioglu)
Date: Fri, 17 May 1996 09:56:21 -0700


On Thu, 16 May 1996, Dave Dittrich wrote:

The trick, as I learned it, was to use @@XXX.com on Ultrix systems.
After a quick test, I notice that single letters and "." don't work on
Ultrix, but any digit or "@" does.  Go figure.  Probably some Berkeley
student had a hangover the day they coded finger?


Well, the normal finger program will finger @localhost if you specify
simply:

  finger @

so when you do, for example:

  finger @@foo.bar.com

foo.bar.com will receive the finger with the data "@" and then proceed to
finger itself (localhost).  A simple denial of service attack is to do:

  finger @@@@@@@@@@@@@@@@@@[...]@@@foo.bar.com

You can imagine what this will cause... :-)  I trivial fix is to look for
an '@' sign in the sent string (in in.fingerd) and deny the finger.

        -Taner
-------------------------=[ D. Taner Halicioglu ]=----------------------------
   taner () sdsc edu     The San Diego Supercomputer Center, Workstation Services
   taner () ucsd edu     U. of California, San Diego - Revelle - Computer Sci.
                      IRC Admin for irc.sdsc.edu/irc.ucsd.edu/irc.cerf.net
taner () mecca epri com  EPRI - 3412 Hillview Ave, Palo Alto, CA
-------------=[ Linux 1.3.* OS - http://www.sdsc.edu/~taner/ ]=---------------

Current thread:

Re: fingerd problems, (continued)
- - - Re: fingerd problems Jon Lewis (May 16)
    - Re: fingerd problems Brian Mitchell (May 16)
    - Re: fingerd problems Robert A. Pickering Jr. (May 17)
    - Re: SunOS 4.1.4 fingerd Kevin at Paranoia (May 16)
    - Re: SunOS 4.1.4 fingerd Christopher X. Candreva (May 16)
    - Re: SunOS 4.1.4 fingerd Niko Makila (May 16)
    - Re: SunOS 4.1.4 fingerd Steve Coleman - SEWP (May 17)
    - Re: SunOS 4.1.4 fingerd bitblt () bitblt resnet cornell edu (May 17)
    - Re: SunOS 4.1.4 fingerd Yiorgos Adamopoulos (May 17)
    - Re: SunOS 4.1.4 fingerd David B. Vanderpool (May 17)
    - Re: SunOS 4.1.4 fingerd Taner Halicioglu (May 17)
    - Re: SunOS 4.1.4 fingerd Craig Raskin (May 17)
    - Re: SunOS 4.1.4 fingerd Ed Arnold (May 16)
    - Re: SunOS 4.1.4 fingerd Patrick Ferguson (May 20)
    - Re: SunOS 4.1.4 fingerd Eilon Gishri (May 21)
    - Re: SunOS 4.1.4 fingerd Alan Brown (May 22)
    - CERT Vendor-Initiated Bulletin VB-96.06 - FreeBSD CERT Bulletin (May 20)
    - Re: SunOS 4.1.4 fingerd invalid opcode (May 16)
- Re: TCP SYN probe detection tool available James W. Abendschan (May 15)
  - Re: TCP SYN probe detection tool available Henri Karrenbeld (May 16)
    - Re: TCP SYN probe detection tool available Brian Mitchell (May 16)

(Thread continues...)