Date: Fri, 11 Sep 1998 20:25:33 +0200 (CEST)
From: Michal Listos <mcl@mtl.pl>
To: Hector Gonzalez Jaime <cacho@ns.iteso.mx>
Cc: security@FreeBSD.ORG
Subject: Re: fingerd exploit
Message-ID: <Pine.BSF.4.00.9809112024350.18423-100000@Amnesiac.123.org>
In-Reply-To: <Pine.BSF.3.91.980911124340.7689A-100000@naserv.gdl.iteso.mx>
On Fri, 11 Sep 1998, Hector Gonzalez Jaime wrote:

> Maybe it has something to do with a message in bugtraq (like a month ago)
> about finger forwarding? It affected Solaris/SunOS, and it has something
> to do with fingerd allowing you to do this:
>
>     finger user@host.one@host.two@host.three@so.on
>
> FreeBSD's fingerd lets you do this one, don't know if it hurts or not.

From FreeBSD's fingerd manual page:

     -s      Enable secure mode. Queries without a user name are rejected and
             forwarding of queries to other remote hosts is denied.

Michal

* Reincarnation: Life sucks, then you die. Then life sucks again.
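One way to check whether a host's finger service runs with the -s flag quoted above, as an added example that is not part of the original message or of FreeBSD itself. It assumes the usual inetd.conf field order (service, socket type, protocol, wait, user, server program, arguments); the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit an inetd.conf-style file for active fingerd entries.
# Prints "secure <line>" when -s is present, "forwarding-allowed <line>" otherwise.
audit_fingerd() {
    awk '
        # Skip comments and lines too short to be a service entry.
        /^[ \t]*#/ || NF < 6 { next }
        # Match on the service name or on the server program path.
        $1 == "finger" || $6 ~ /(^|\/)fingerd$/ {
            secure = 0
            # Field 7 is argv[0]; option flags start at field 8.
            # Accept -s alone or bundled (for example -ls), but not an "s"
            # that is only part of an argument attached to -p.
            for (i = 8; i <= NF; i++)
                if ($i ~ /^-[a-oq-zA-Z]*s/) secure = 1
            status = secure ? "secure" : "forwarding-allowed"
            print status, NR
        }
    ' "$1"
}

# Constructed sample input (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -s
finger stream tcp nowait nobody /usr/libexec/fingerd fingerd
ftp    stream tcp nowait root   /usr/libexec/ftpd    ftpd -l
finger stream tcp nowait nobody /usr/libexec/fingerd fingerd -l -s
EOF
audit_fingerd "$sample"
rm -f "$sample"
```

On a real system the function would be pointed at /etc/inetd.conf; any "forwarding-allowed" line is an entry that still relays user@host@host queries.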