Date: Thu, 8 Jan 1998 16:09:35 -0800 (PST) From: Jan Koum <jkb@best.com> To: fosters@dvalley.demon.co.uk Cc: FreeBSD-gnats-submit@freebsd.org, GNATS Management <gnats@freebsd.org>, freebsd-bugs@hub.freebsd.org Subject: Re: bin/5434: "backdoor" in fingerd allows execution of commands Message-ID: <Pine.BSF.3.96.980108160850.20763A-100000@shell6.ba.best.com> In-Reply-To: <199801050521.AAA01286@dvalley.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 5 Jan 1998 fosters@dvalley.demon.co.uk wrote: > >>How-To-Repeat: > > At a shell prompt type: > > % finger `ls` > > Will give a directory listing of the current directory. If you telnet > to port 79, you can use it almost like a shell.. e.g. > > % telnet localhost 79 > > then type: > > `rm -R /` > > and say goodbye to /. fingerd was running as root on my system, bad > news! > Did you actually try it on your system? -- Yan >>Fix: > > Comment out fingerd from the inetd.conf and reboot or kill -HUP 126 > >>Audit-Trail: >>Unformatted: >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980108160850.20763A-100000>