Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: fingerd problems

From: pickerin () fuse net (Robert A. Pickering Jr.)
Date: Fri, 17 May 1996 14:08:02 -0400

On Fri, 17 May 1996, Brian Mitchell wrote:


Some www servers also include the 'finger' cgi program, which can be used
in much the same way, ie:

lynx http://www.cgis.net/cgi-bin/finger\?user@host

Brian Mitchell                  brian () saturn net

"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman



Additionally, this a method often used to get past a firewall
configuration where the WWW server is a "trusted host" but the
user on the Internet is not.

We've removed all the "standard" cgi-bin programs from all our hosted
websites for this very reason.

--
Robert A. Pickering Jr.                Internet Services Manager
Cincinnati Bell Telephone              pickerin () fuse net

           A Rough Whimper of Insanity (Information Superhighway)

PGP key ID: 75CAFF7D 1995/05/09
PGP Fingerprint: B1 63 0C 09 D8 2E 5D 69  BB 61 A2 92 22 37 63 C3
Previous By Date Next
Previous By Thread Next

Current thread: