Vulnerability
fingerd
Affected
SunOS
Description
Jens Hektor found the following. On a compromised host he recently
found a script containing the following very interesting line:
finger "0 1 2 3 4 5 6 7 8 9"@host
If "host" is a Solaris host with finger service enabled in
/etc/inetd.conf, one will get a complete (?) list of accounts on
this system.
Actually, the good old finger forwarding 'feature' is still
possible with Suns and it's well documented in the manual page.
Still, it works even with Solaris 8.
Solution
Disable the finger service in /etc/inetd.conf. SUN has assigned a
bugid (4298915:'in.fingerd can store a NULL after end of an array
on the stack') for the described problem and stated that they are
working on a patch for all affected versions.
Well, not to flaunt the obvious, but the best solution to this is:
# grep finger /etc/inetd.conf
#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
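
A plain grep matches commented-out and active lines alike. The following is an added example, not part of the original advisory: a shell function that reports only the inetd.conf entries inetd would actually start as a finger daemon. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list inetd.conf entries that still start a finger daemon.

# Prints "file:line: entry" for every active (uncommented) finger entry.
# Exit status: 0 if at least one active entry exists, 1 if none.
active_finger_entries() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }     # commented out, as in the grep output above
        NF < 6     { next }     # not a complete service line
        # field 1 = service name, field 6 = server program
        $1 == "finger" || $6 ~ /(^|\/)in\.fingerd$/ {
            printf "%s:%d: %s\n", f, NR, $0
            found = 1
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample files (not taken from any real host).
write_samples() {
    dir=$1
    cat > "$dir/enabled.conf" <<'EOF'
# constructed sample: finger still active
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
EOF
    cat > "$dir/disabled.conf" <<'EOF'
# constructed sample: finger commented out
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
#finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
EOF
}

# Demo run over the two constructed files.
tmp=$(mktemp -d)
write_samples "$tmp"
for c in "$tmp"/enabled.conf "$tmp"/disabled.conf; do
    if active_finger_entries "$c"; then
        echo "FAIL: $c still offers finger"
    else
        echo "ok:   $c has no active finger entry"
    fi
done
rm -rf "$tmp"
```

On a real host, call active_finger_entries /etc/inetd.conf; inetd only picks up an edited file after it is signalled to reread its configuration.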