Bugtraq mailing list archives
Re: fingerd
From: jrauch () SECURITYFOCUS COM (Jeremy Rauch)
Date: Thu, 27 Apr 2000 15:35:06 -0700
On Thu, Apr 27, 2000 at 02:06:06PM +0300, Psarras Nikos wrote:
> I am new on the list so I don't know if you knew that. On Irix 6.4 with all patches installed the fingerd seems to like to display the shadow file to all users.
>
>     ln -s /etc/shadow /path/user/.plan
>     finger user () irix64
>     show.shadow
>
> This feature was found by a student -Zanikolas Serafim- while he was reading a 9 years old system administrator's book.

I find this very very hard to believe. 6.5 and 6.2 are not vulnerable. Both run fingerd as 'guest'

    finger stream tcp nowait guest /usr/etc/fingerd fingerd

making it impossible for finger to return the shadow. Unless someone at SGI went and changed fingerd to run as root for the 6.4 release, and fixed it for 6.5, something is amiss here. 6.4 isn't a release I've been able to find someone running, however...

Have you checked the permissions on /etc/shadow?

-Jeremy
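The two checks raised in the reply above (which account inetd starts fingerd as, and the permissions on /etc/shadow) can be scripted. This is an added example, not part of the original posts: the function names are hypothetical, the demo files are constructed, and it assumes that looking only at the "other" permission bits is enough (group membership and ACLs are ignored).

```shell
#!/bin/sh
# Audit sketch: can fingerd be made to print a protected file via ~/.plan?

# inetd_user CONF SERVICE
# Prints the user field (5th column) of the first active entry for SERVICE.
# A "user.group" or "user:group" value is reduced to the user part.
inetd_user() {
    awk -v svc="$2" '
        $1 == svc && NF >= 6 { sub(/[.:].*/, "", $5); print $5; exit }
    ' "$1"
}

# world_readable FILE
# Succeeds if the "other" read bit is set (symlinks are followed with -L).
world_readable() {
    [ "$(ls -ldL "$1" | cut -c8)" = r ]
}

# plan_exposure CONF FILE
# Prints one verdict line for the finger service against FILE.
plan_exposure() {
    user=$(inetd_user "$1" finger)
    if [ -z "$user" ]; then
        echo "finger: not enabled"
    elif [ "$user" = root ]; then
        echo "RISK: fingerd runs as root"
    elif world_readable "$2"; then
        echo "RISK: fingerd runs as $user but $2 is world-readable"
    else
        echo "OK: fingerd runs as $user and cannot read $2"
    fi
}

# Demo on constructed files; the inetd.conf line is the one quoted above.
demo=$(mktemp -d)
echo 'finger stream tcp nowait guest /usr/etc/fingerd fingerd' > "$demo/inetd.conf"
: > "$demo/shadow" && chmod 600 "$demo/shadow"
plan_exposure "$demo/inetd.conf" "$demo/shadow"
rm -rf "$demo"
```

On a real host the arguments would be the system's inetd.conf and /etc/shadow.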