Re: finger-bombing

Tom Fitzgerald (fitz@wang.com)
Fri, 14 Oct 94 1:18:56 EDT

> The same hack in a different fashion on SunOS 4.1.x will give random users
> profiles (at least from what I have seen.. At one time I thought not).
> 
> Example: finger 23234123123123123@some.sunos.host.com
> 
> The rather large number has a strange effect on fingerd -- I haven't looked
> close enough to see what.

I can't make this behave any differently than "finger 1@some.sunos.host";
it prints detailed info on all users who have a blank gecos field.  It
seems to fall into some code in finger that assumes that numbers are office
numbers (or building numbers or something) and throws them away.  Then it
takes the remainder (in this case, the null string) and prints all users
with matching gecos fields.

-- 
Tom Fitzgerald    1-508-967-5278    Wang Labs, Lowell MA, USA    fitz@wang.com
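
The lookup behaviour described in the reply above, modelled as an added example; it is not part of the original message and is not SunOS finger source. The account table, the function names and the exact-match comparison are assumptions made for illustration, and lookup_checked shows one possible guard: refuse a query that is empty once the digits are stripped.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample accounts, not taken from any real host. */
struct acct { const char *login; const char *gecos; };
static const struct acct accts[] = {
    {"alice", "Alice Smith"}, {"daemon", ""},
    {"bob", "Bob Jones"},     {"uucp", ""},
};
#define NACCTS (sizeof accts / sizeof accts[0])

/* Assumed behaviour: digits in the query are thrown away. */
static void strip_digits(const char *in, char *out, size_t outsz)
{
    size_t j = 0;
    for (; *in && j + 1 < outsz; in++)
        if (!isdigit((unsigned char)*in))
            out[j++] = *in;
    out[j] = '\0';
}

/* Lookup as described: whatever survives stripping is compared to gecos. */
static int lookup_naive(const char *query, const char **hits, int max)
{
    char key[64];
    int n = 0;
    strip_digits(query, key, sizeof key);
    for (size_t i = 0; i < NACCTS && n < max; i++)
        if (strcmp(key, accts[i].gecos) == 0)
            hits[n++] = accts[i].login;
    return n;
}

/* Checked lookup: an empty key after stripping matches nobody. */
static int lookup_checked(const char *query, const char **hits, int max)
{
    char key[64];
    strip_digits(query, key, sizeof key);
    return key[0] ? lookup_naive(query, hits, max) : 0;
}

int main(void)
{
    const char *hits[8];
    const char *q = "23234123123123123";
    printf("naive:   %d accounts\n", lookup_naive(q, hits, 8));
    printf("checked: %d accounts\n", lookup_checked(q, hits, 8));
    return 0;
}
```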