Vulnerability Development mailing list archives
Re: report finger gives long list of users
From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Thu, 22 Mar 2001 07:48:52 +0100
John Galt wrote:
> That's one WEIRD parse. [0-9] should not return true for "sam". I'd suggest that the actual thing is that the kiddie (or one of their friends) has a penchant for r00t users with numerical usernames to "hide". Numeric usernames are also common in FTP: perhaps they were looking for a ftpd 'sploit?
No. They did a brute force login attack with password = login.
> If it does as you say, it's documented in the protocol. RFC 1288 section 3.2.6.
:-) Alright.

Actually, the good old finger forwarding 'feature' is still possible with Suns and it's well documented in the manual page.

Finally: SUN has assigned a bugid (4298915: 'in.fingerd can store a NULL after end of an array on the stack') for the described problem and stated that they are working on a patch for all affected versions.

Bye, Jens Hektor

--
Jens Hektor, RWTH Aachen, Rechenzentrum, Seffenter Weg 23, 52074 Aachen
Computing Center Technical University Aachen, firewalls/network security
mailto:hektor () RZ RWTH-Aachen DE, Tel.: +49 241 80 4866, Raum: 2.35
Private: Rochusstr. 26, D52062 Aachen, Fon: +49 241 29888, Fax: % 29889