Bugtraq mailing list archives

Solaris 2.5.1/2.6 fingerd bug

From: jfay () STETSON EDU (Fiji)
Date: Wed, 5 Aug 1998 11:39:02 -0400


Well it seems that Sun reintroduced the finger forwarding  and finger DoS
into Solaris 2.5.1 and 2.6.

try finger @host@host@host....145 times.... This should run the # of
processes in excess of 1500 and shoot the system load up to at least 13.5.

You can also do a finger @hosta@hostb where hostb is a machine running
2.5.1 or 2.6. Now this has not been confirmed on Solaris (x86). The bug id
is 4161606 but yet there is no patch available as of today.


-Fiji

Current thread:

Solaris 2.5.1/2.6 fingerd bug Fiji (Aug 05)
- Re: Solaris 2.5.1/2.6 fingerd bug James Garnett (Aug 05)
  - Solaris 2.4 pop buffer overrun Julio Casal (Aug 05)
    - Re: Solaris 2.4 pop buffer overrun Matthew R. Potter (Aug 07)
  - Re: Solaris 2.5.1/2.6 fingerd bug Joseph Moran (Aug 06)
    - Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 07)
  - Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 06)
    - Re: Solaris 2.5.1/2.6 fingerd bug Matthew R. Potter (Aug 06)
    - ADMsmb security scanner for samba The ADM Crew (Aug 06)
    - Eudora executes (Java) URL Stout, Bill (Aug 07)
    - Re: Eudora executes (Java) URL John D. Hardin (Aug 07)

(Thread continues...)