Bugtraq mailing list archives
Re: Forwared to me
From: mhw () ALCOVE WITTSEND COM (Michael H. Warfield)
Date: Mon, 13 Jul 1998 16:59:48 -0400
Toomas Soome enscribed thusly:
> On Mon, 13 Jul 1998, Michael H. Warfield wrote:
>
> > I would also like to remark about one thing. Solar Designer quoted one possible action from the advisory. That one point was a suggestion made by my Sun contacts. It was NOT our recommendation as the action to be taken. My PERSONAL recommendation is to disable finger if at all possible. It provides way too much information about accounts and
>
> actually, finger is only top of ice mountain, what it will do:
>
>     setpwent()
>     while( getpwent() ) {}
>     endpwent()
>
> nothing more. but, if this is such simple, nothing will prevent users INSIDE to write this; easy and simple way to block sysadmins while cleaning trails or whatever. Actually, there are not only password tables around - there are tables for services, mail aliases etc. After all, calling NIS functions directly is not such big mystery...
Oh... Absolutely... One of my reasons for going into such detail in the advisory was to emphasize to everyone that this was not really a finger problem but inherent in the way the libraries worked. For that reason it would be easy for someone to create a new nuisance either accidentally or intentionally. I wanted people to understand just where the problem really existed and to come up with better solutions. The NIS caching idea sounds like a good approach.

To be honest, I hadn't given quite so much thought to a local user creating such a simple program and running it on multiple systems in quite that way, but it is certainly feasible. It's also feasible that he would rapidly get his butt kicked right into next week if caught playing with something like this. :-)

The only thing about a local user doing something like this is that he would so completely load down his own system that it would rapidly become unusable and forget about anything he was remotely connected to. You can't do much clean up when your program demands so much horsepower from the system that the screensaver stops dead in its tracks. :-)
> just another way to generate load for server- if there are netgroups used for some kind of access control - tcpd wrapper, NFS access etc...
>
> so, even if You can survive one type of attack - netgroups are not too big etc, combining different types may be just enough to bring down system...
A few months ago a couple of the Samba guys were discussing how to "enumerate NIS+ maps" for something or other. I'm hoping they are not on the verge of recreating this problem somewhere else and those messages help me move my release schedule for this advisory up a bit. Time to send Luke and Jeremy their personal copies... :-)
> toomas soome Tartu University, Estonia
> --
> Gee, I feel kind of LIGHT in the head now, knowing I can't make my satellite dish PAYMENTS!
Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!