From owner-freebsd-bugs  Thu Jan  8 16:11:53 1998
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id QAA21763
          for bugs-outgoing; Thu, 8 Jan 1998 16:11:53 -0800 (PST)
          (envelope-from owner-freebsd-bugs)
Received: from shell6.ba.best.com (jkb@shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA21621;
          Thu, 8 Jan 1998 16:09:48 -0800 (PST)
          (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost) by shell6.ba.best.com (8.8.8/8.8.BEST) with SMTP id QAA21961; Thu, 8 Jan 1998 16:09:35 -0800 (PST)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Thu, 8 Jan 1998 16:09:35 -0800 (PST)
From: Jan Koum <jkb@best.com>
X-Sender: jkb@shell6.ba.best.com
To: fosters@dvalley.demon.co.uk
cc: FreeBSD-gnats-submit@freebsd.org, GNATS Management <gnats@freebsd.org>,
        freebsd-bugs@hub.freebsd.org
Subject: Re: bin/5434: "backdoor" in fingerd allows execution of commands
In-Reply-To: <199801050521.AAA01286@dvalley.demon.co.uk>
Message-ID: <Pine.BSF.3.96.980108160850.20763A-100000@shell6.ba.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 5 Jan 1998 fosters@dvalley.demon.co.uk wrote:

>
>>How-To-Repeat:
>
>	At a shell prompt type:
>	
>	% finger `ls`
>	
>	Will give a directory listing of the current directory. If you telnet
>	to port 79, you can use it almost like a shell.. e.g.
>	
>	% telnet localhost 79
>	
>	then type:
>	
>	`rm -R /`
>	
>	and say goodbye to /. fingerd was running as root on my system, bad
>	news!
>

	Did you actually try it on your system?

-- Yan

>>Fix:
>	
>	Comment out fingerd from the inetd.conf and reboot or kill -HUP 126
>
>>Audit-Trail:
>>Unformatted:
>