Vulnerability Development mailing list archives
Re: report finger gives long list of users
From: "Juan M. Courcoul" <courcoul () campus qro itesm mx>
Date: Wed, 28 Mar 2001 10:59:53 -0600
Granted that this is a security breach that should be addressed at the source, but perhaps the sysadmin should take a good hard look and decide if the finger service is REALLY needed. In a single purpose dedicated host, do you need to know who is logged in via telnet or what the account's vital stats are?

At the very least, you should protect it via a TCP Wrapper or suchlike, so that only trusted hosts can have access.

JMC

Joseph Nicholas Yarbrough wrote:

I can confirm this "feature" on Solaris 8. "finger 0@localhost" & "finger 1234567@localhost" both return the list of users.

-Nick

On Tuesday 27 March 2001 22:19, warning3 wrote:

If you use digits as username, Solaris "finger" will list the users who have not configured full name in /etc/passwd. I heard that DG-UX has this "feature" too.

    [root@ /]> uname -sr
    SunOS 5.6
    [root@ /]> cat /etc/passwd
    root:x:0:1:Super-User:/:/bin/bash
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    smtp:x:0:0:Mail Daemon User:/:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:Nobody:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x Nobody:/:
    blah:x:501:100::/export/home/blah:/bin/sh
    [root@ /]> finger 1234567@localhost
    [localhost]
    Login    Name    TTY      Idle    When             Where
    daemon   ???                      < . . . . >
    bin      ???                      < . . . . >
    sys      ???                      < . . . . >
    blah     ???     pts/1            <Mar 7 21:55>    xx.xx.xx.xx

---Original Message---
From : "Larry W. Cashdollar" <lwc () VAPID DHS ORG>
Date : Fri, 23 Mar 2001 12:37:12 -0500

This is actually an old problem where you could finger 0@sunhost and get a list of users. It appears it still works for Solaris 2.7, not sure about 2.8.

Regards,
warning3 <warning3 () nsfocus com>
http://www.nsfocus.com
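
A host-side audit for the exposure discussed in this message, as an added example that is not code from any of the posters: it lists the accounts with an empty full-name field (the ones the quoted finger output shows) and goes one step further by classifying the finger entry in an inetd.conf-style file as disabled, wrapped by tcpd, or exposed. The function names and the inetd.conf line are constructed for illustration; the passwd entries are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit a host for the finger exposure.

# Accounts with an empty full-name (GECOS) field, i.e. the ones the thread
# says Solaris finger lists when queried with an all-digit user name.
empty_gecos_accounts() {
    awk -F: '$1 !~ /^#/ && NF >= 5 && $5 == "" { print $1 }' "$1"
}

# Classify the finger entry of an inetd.conf-style file:
#   disabled = no active entry, wrapped = server program is tcpd,
#   exposed  = the finger daemon is started directly.
finger_inetd_status() {
    awk '$1 == "finger" { n = split($6, p, "/")
                          if (p[n] == "tcpd") w = 1; else e = 1 }
         END { print (e ? "exposed" : (w ? "wrapped" : "disabled")) }' "$1"
}

# /etc/passwd entries as quoted in the thread.
sample_passwd() {
cat <<'EOF'
root:x:0:1:Super-User:/:/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
blah:x:501:100::/export/home/blah:/bin/sh
EOF
}

# Constructed inetd.conf line (assumption: an entry without a wrapper).
sample_inetd() {
    echo 'finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd'
}

tmp=$(mktemp -d)
sample_passwd > "$tmp/passwd"
sample_inetd  > "$tmp/inetd.conf"
echo "accounts with empty full name:"; empty_gecos_accounts "$tmp/passwd"
echo "finger service: $(finger_inetd_status "$tmp/inetd.conf")"
rm -rf "$tmp"
```

On a real host, pass /etc/passwd and /etc/inetd.conf to the two functions; a "wrapped" result still depends on the hosts.allow and hosts.deny rules limiting access to trusted hosts.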