Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: report finger gives long list of users

From: Air Force Guy <ghull () MINDSPRING COM>
Date: Wed, 28 Mar 2001 08:48:32 -0500
You can duplicate this "old" problem by telneting to the target on port 79
and if the port is open, enter the character string "@ @ @ @ @ @ @ @" and
hit return.  All users who have logged in will be listed.

On Wed, 28 Mar 2001, warning3 wrote:


If you use digits as username, Solaris "finger" will list the users who have not
configured full name in /etc/passwd.

I heard that DG-UX  has this "feature" too.

[root@ /]> uname -sr
SunOS 5.6
[root@ /]> cat /etc/passwd
root:x:0:1:Super-User:/:/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
blah:x:501:100::/export/home/blah:/bin/sh

[root@ /]> finger 1234567@localhost
[localhost]
Login       Name               TTY         Idle    When    Where
daemon          ???                         < .  .  .  . >
bin             ???                         < .  .  .  . >
sys             ???                         < .  .  .  . >
blah            ???            pts/1        <Mar  7 21:55> xx.xx.xx.xx



---Original Message---

From : "Larry W. Cashdollar" <lwc () VAPID DHS ORG>

Date : Fri, 23 Mar 2001 12:37:12 -0500


This is actually an old problem where you could finger 0@sunhost and get a
list of users.  It appears it still works for solaris 2.7, not sure about
2.8.




Regards,
warning3 <warning3 () nsfocus com>
http://www.nsfocus.com



--
Gary G. Hull
Previous By Date Next
Previous By Thread Next

Current thread: