Re: SunOS 4.1.4 fingerd

Taner Halicioglu (taner@sdsc.edu)
Fri, 17 May 1996 09:56:21 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Patrick Ferguson: "Re: SunOS 4.1.4 fingerd"
Previous message: Steve Reid: "Re: BoS: SECURITY BUG in FreeBSD"
In reply to: Dave Dittrich: "Re: SunOS 4.1.4 fingerd"
Next in thread: Craig Raskin: "Re: SunOS 4.1.4 fingerd"

On Thu, 16 May 1996, Dave Dittrich wrote:

> The trick, as I learned it, was to use @@XXX.com on Ultrix systems.
> After a quick test, I notice that single letters and "." don't work on
> Ultrix, but any digit or "@" does.  Go figure.  Probably some Berkeley
> student had a hangover the day they coded finger?

Well, the normal finger program will finger @localhost if you specify
simply:

  finger @

so when you do, for example:

  finger @@foo.bar.com

foo.bar.com will receive the finger with the data "@" and then proceed to
finger itself (localhost).  A simple denial of service attack is to do:

  finger @@@@@@@@@@@@@@@@@@[...]@@@foo.bar.com

You can imagine what this will cause... :-)  I trivial fix is to look for
an '@' sign in the sent string (in in.fingerd) and deny the finger.

        -Taner
-------------------------=[ D. Taner Halicioglu ]=----------------------------
   taner@sdsc.edu     The San Diego Supercomputer Center, Workstation Services
   taner@ucsd.edu     U. of California, San Diego - Revelle - Computer Sci.
                      IRC Admin for irc.sdsc.edu/irc.ucsd.edu/irc.cerf.net
taner@mecca.epri.com  EPRI - 3412 Hillview Ave, Palo Alto, CA
-------------=[ Linux 1.3.* OS - http://www.sdsc.edu/~taner/ ]=---------------

Next message: Patrick Ferguson: "Re: SunOS 4.1.4 fingerd"
Previous message: Steve Reid: "Re: BoS: SECURITY BUG in FreeBSD"
In reply to: Dave Dittrich: "Re: SunOS 4.1.4 fingerd"
Next in thread: Craig Raskin: "Re: SunOS 4.1.4 fingerd"