Bugtraq mailing list archives
Re: Forwared to me
From: vermont () gate net (Illuminatus Primus)
Date: Mon, 13 Jul 1998 12:54:11 -0400
On Fri, 10 Jul 1998, Solar Designer wrote:
> > # mv /usr/bin/finger /usr/bin/finger.exe
> > # cat > /usr/bin/finger
> > #!/bin/sh
> > exec /usr/bin/finger.exe -m $*
> > ^D
> > # chmod +x /usr/bin/finger
>
> Hmm, weird, this doesn't look safe to me. Why trust the extra parsing done by the shell?

Which happens to include filename globbing. This "fix" will now allow people to do: finger '/*@hostname'.. Which could reveal a lot more information than finger was intended to.. Not to mention finger '/*/*/*/*/*@hostname' .. which might turn out to be a far worse DOS than the original attack.

If we are forced to use a shell,

    #!/bin/sh
    exec /usr/bin/finger -m "$*"

will prevent the arguments from being globbed, at least with my version of bash (2.02.0(1)-release).

-Illuminatus Pimpus
vermont () gate net
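
The difference between the wrapper forms discussed above, as an added example that is not part of the original post: `count_args` is a hypothetical stand-in for the finger binary, and the scratch files `alice` and `bob` are constructed so that a pattern has something to match. It goes slightly beyond the post by also covering `"$@"`, which the post does not mention.

```sh
#!/bin/sh
# Hypothetical stand-in for the wrapped binary: prints the number of
# arguments it received, then each argument, separated by '|'.
count_args() {
    printf '%s' "$#"
    for a in "$@"; do printf '|%s' "$a"; done
}

# Three ways a wrapper script can forward its arguments.
# Unquoted $* is re-parsed by the shell: word splitting, then globbing.
forward_unquoted() { count_args -m $*; }
# "$*" is never globbed, but joins every argument into a single word.
forward_star() { count_args -m "$*"; }
# "$@" is never globbed and keeps each original argument as its own word.
forward_at() { count_args -m "$@"; }

# Run one forwarder inside a scratch directory containing two constructed
# files, so that a '*' argument has names to expand to.
demo() {
    dir=$(mktemp -d) || return 1
    out=$(cd "$dir" && : > alice && : > bob && "$@")
    rm -rf "$dir"
    printf '%s\n' "$out"
}

# Same input to all three: a pattern and an argument containing a space.
for f in forward_unquoted forward_star forward_at; do
    printf '%-17s %s\n' "$f" "$(demo "$f" '*' 'user one')"
done
```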