Date: Fri, 11 Sep 1998 12:46:57 -0500 (CDT) From: Hector Gonzalez Jaime <cacho@ns.iteso.mx> To: Mike <mike@seidata.com> Cc: Lutz Rabing <LutzRab@omc.net>, security@FreeBSD.ORG Subject: Re: fingerd exploit Message-ID: <Pine.BSF.3.91.980911124340.7689A-100000@naserv.gdl.iteso.mx> In-Reply-To: <Pine.BSF.4.01.9809111015030.29005-100000@ns1.seidata.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Maybe it has something to do with a message in bugtraq (like a month ago) about finger forwarding? It affected Solaris/SunOS, and it has something to do with fingerd allowing you to do this: finger user@host.one@host.two@host.three@so.on FreeBSD's fingerd lets you do this one, don't know if it hurts or not. On Fri, 11 Sep 1998, Mike wrote: > On Fri, 11 Sep 1998, Lutz Rabing wrote: > > > Has anybody heared of a fingerd exploit ? > > Yes and no... I haven't heard of a 'exploit', but I have heard > conversations about finger oddities... namely I've overheard people > discussing 'odd behavior on the part of finger'. I, unfortuneately, > don't have much more information. The oddity did relate to multiple > instances of fingerd (as you report), I believe... > > Do you run the vanilla finger or a variant such as secure finger? > > -mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.980911124340.7689A-100000>