Re: Solaris 2.5.1/2.6 fingerd bug

From: Casper Dik (casperat_private)
Date: Thu Aug 06 1998 - 11:29:49 PDT

Next message: SGI Security Coordinator: "IRIX IP Spoofing/TCP Sequence Attack Update"

Previous message: X-Force: "ISS Security Advisory: cDc BackOrifice Backdoor"
Maybe in reply to: Fiji: "Solaris 2.5.1/2.6 fingerd bug"
Next in thread: Joseph Moran: "Re: Solaris 2.5.1/2.6 fingerd bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Fiji (jfay) wrote:
>> try finger @host@host@host....145 times.... This should run the # of
>> processes in excess of 1500 and shoot the system load up to at least 13.5.
>>
>> You can also do a finger @hosta@hostb where hostb is a machine running
>> 2.5.1 or 2.6. Now this has not been confirmed on Solaris (x86). The bug id
>> is 4161606 but yet there is no patch available as of today.
>
>Yep, same thing happens for x86 running 2.6.


It's not new nor reintroduced.  It's been in fingerd forever.

Casper

Next message: SGI Security Coordinator: "IRIX IP Spoofing/TCP Sequence Attack Update"
Previous message: X-Force: "ISS Security Advisory: cDc BackOrifice Backdoor"
Maybe in reply to: Fiji: "Solaris 2.5.1/2.6 fingerd bug"
Next in thread: Joseph Moran: "Re: Solaris 2.5.1/2.6 fingerd bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:32 PDT