Vulnerability Development mailing list archives
report finger gives long list of users
From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Mon, 19 Mar 2001 15:31:45 +0100
Hi,

recently, on a compromised host somewhere, a script containing the following very interesting line was found:

    finger "0 1 2 3 4 5 6 7 8 9"@host

If "host" is a Solaris host with the finger service enabled in /etc/inetd.conf, one will get a complete (?) list of accounts on this system.

Workaround: disable the finger service in /etc/inetd.conf

Since this is already found in the wild and there seems to be no patch for this undocumented feature, the vuln-dev list of SecurityFocus is included.

Best regards, Jens Hektor

--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, firewalls/network security
mailto:hektor () RZ RWTH-Aachen DE, Tel.: +49 241 80 4866, Raum: 2.35
Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889
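One way to apply the workaround from the message above, as an added example that is not part of the original post: a small audit script that reports active finger entries in an inetd.conf-style file and writes a copy with them commented out. The function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an inetd.conf-style
# file for an enabled finger service and produce a hardened copy.

# Print active (uncommented) finger entries; exit status 0 if any exist.
finger_enabled() {
    awk '!/^[ \t]*#/ && $1 == "finger" { print; found = 1 }
         END { exit !found }' "$1"
}

# Emit the file with every active finger entry commented out.
# Entries that are already commented, and all other services, pass through.
disable_finger() {
    awk '!/^[ \t]*#/ && $1 == "finger" { print "#" $0; next }
         { print }' "$1"
}

# Constructed sample input, modelled on the inetd.conf field layout:
# service, socket type, protocol, wait flag, user, program, arguments.
sample=$(mktemp)
fixed=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF

if finger_enabled "$sample" >/dev/null; then
    echo "finger is enabled in $sample:"
    finger_enabled "$sample"
    disable_finger "$sample" > "$fixed"
    echo "hardened copy written to $fixed"
fi

# Verify the hardened copy no longer offers the service.
finger_enabled "$fixed" >/dev/null || echo "no active finger entry in $fixed"
```

After the hardened copy replaces /etc/inetd.conf, inetd has to re-read its configuration (it does so on SIGHUP) before the change takes effect.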