Bugtraq mailing list archives

Re: Solaris 2.5.1/2.6 fingerd bug

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 6 Aug 1998 20:29:49 +0200

Fiji (jfay) wrote:

try finger @host@host@host....145 times.... This should run the # of
processes in excess of 1500 and shoot the system load up to at least 13.5.

You can also do a finger @hosta@hostb where hostb is a machine running
2.5.1 or 2.6. Now this has not been confirmed on Solaris (x86). The bug id
is 4161606 but yet there is no patch available as of today.


Yep, same thing happens for x86 running 2.6.



It's not new nor reintroduced.  It's been in fingerd forever.

Casper

Current thread:

Solaris 2.5.1/2.6 fingerd bug Fiji (Aug 05)
- Re: Solaris 2.5.1/2.6 fingerd bug James Garnett (Aug 05)
  - Solaris 2.4 pop buffer overrun Julio Casal (Aug 05)
    - Re: Solaris 2.4 pop buffer overrun Matthew R. Potter (Aug 07)
  - Re: Solaris 2.5.1/2.6 fingerd bug Joseph Moran (Aug 06)
    - Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 07)
  - Re: Solaris 2.5.1/2.6 fingerd bug Casper Dik (Aug 06)
    - Re: Solaris 2.5.1/2.6 fingerd bug Matthew R. Potter (Aug 06)
    - ADMsmb security scanner for samba The ADM Crew (Aug 06)
    - Eudora executes (Java) URL Stout, Bill (Aug 07)
    - Re: Eudora executes (Java) URL John D. Hardin (Aug 07)
    - Re: Eudora executes (Java) URL John D. Hardin (Aug 08)
  - IRIX IP Spoofing/TCP Sequence Attack Update SGI Security Coordinator (Aug 06)
  - IRIX BIND DNS Vulnerabilities Update SGI Security Coordinator (Aug 06)
  - BSD/Qualcomm qpopper Vulnerability SGI Security Coordinator (Aug 06)
  - University of Washington imapd daemon Vulnerability SGI Security Coordinator (Aug 06)
  - New Eudora bug ? Patrick Oonk (Aug 07)

(Thread continues...)