Re: finger-bombing

Charles Howes (chowes@helix.net)
Fri, 14 Oct 1994 00:49:47 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Breakdown: "Re: finger-bombing"
Previous message: Supak Lailert \: "Re: finger-bombing"
In reply to: Scott Chasin: "Re: finger-bombing"
Next in thread: Jonathan M. Bresler: "Re: finger-bombing"

On Thu, 13 Oct 1994, Scott Chasin wrote:

> There is a serious bug in the Ultrix OS which allows a remote finger
> request to dump all known user finger profiles back out to the
> requestor (this has been known for quite some time).
> 
> Example: finger @@some.ultrix.host.com
> 
> This would dump all system known users.  The first '@' is translated to
> a NULL and fools fingerd into dumping everything.
> 
> --
> 
> The same hack in a different fashion on SunOS 4.1.x will give random users
> profiles (at least from what I have seen.. At one time I thought not).
> 
> Example: finger 23234123123123123@some.sunos.host.com
> 
> The rather large number has strange effect on fingerd -- I haven't looked
> close enought to see what.
> 
> --Scott
> chasin@crimelab.com

Try 'finger 0@some.sunos.host.com'.

There's code in finger to determine which building a person is in, and
they're numbered.  Berkeley buildings, I think.

It was in the comp.sys.bugs.bsd (or some permutation thereof) a while
back.  (I couldn't *get* any more vague, sorry.)

ObBug: Ooops, just used it.
--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

Next message: Breakdown: "Re: finger-bombing"
Previous message: Supak Lailert \: "Re: finger-bombing"
In reply to: Scott Chasin: "Re: finger-bombing"
Next in thread: Jonathan M. Bresler: "Re: finger-bombing"