I just found this out yesterday, and I don't think it's been in the postings before, but on AIX (I tested this on 4.2) if one's gecos field is set to more than 99 characters, finger starts acting really strange.

First off, it acts normal when you finger the whole host (to see who is on) or if you finger the user with the long gecos. When you do this, it spews out all of its info into the "In Real Life:" part. It doesn't truncate the gecos info. I've gotten finger to scroll through a few pages of gecos, but 100 characters is all it takes to affect the rest. When a user fingers any other user, existent or not, finger dumps core.

chfn (the command used to edit one's gecos info) will allow me to plop over 100 LINES of information into it. It eventually locks up, and I have no way to get out of it (short of opening another connection and killing chfn, or just closing the connection).

The core files generated by finger look pretty harmless. I don't know a lot about exploits, but I'm thinking this might mean bad things for people who allow remote finger connections.

.-= axon2017at_private =-.
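An administrator reading the report above would want a quick way to find accounts whose gecos field already exceeds the 99-character point the poster describes, before a remote finger request trips over one. The following audit script is an added example and is not code from the original post or from AIX; it assumes the conventional seven-field, colon-separated passwd format and the usual comma-separated gecos subfields (full name, office, office phone, home phone) that finger displays. The sample records, the `GECOS_LIMIT` constant and every function name are constructed for illustration.

```python
"""Audit passwd-style records for oversized or malformed gecos fields.

Added example (not from the original post). Assumes the classic
user:passwd:uid:gid:gecos:home:shell layout and comma-separated gecos
subfields as printed by finger.
"""
from dataclasses import dataclass
from typing import List, Tuple

# The post reports finger misbehaving once the gecos field passes 99 characters.
GECOS_LIMIT = 99

# Constructed sample records; none of these are real accounts.
SAMPLE_PASSWD = (
    "root:!:0:0:Superuser:/:/bin/ksh\n"
    "alice:!:201:1:Alice Example,Room 12,555-0100:/home/alice:/bin/ksh\n"
    "bob:!:202:1:" + "B" * 120 + ":/home/bob:/bin/ksh\n"
    "mallory:!:203:1:Not enough fields\n"
)


@dataclass
class GecosFinding:
    """One account whose gecos field is longer than the configured limit."""
    user: str
    length: int
    subfields: List[str]


def parse_gecos(field: str) -> List[str]:
    """Split a gecos string into the four finger-style subfields.

    Missing trailing subfields are padded with empty strings so callers can
    index positionally (0 = full name, 1 = office, 2 = office phone,
    3 = home phone).
    """
    parts = field.split(",")
    return (parts + [""] * 4)[:4]


def bounded_gecos(field: str, limit: int = GECOS_LIMIT) -> str:
    """Return the gecos field cut to at most `limit` characters.

    This is the truncation the post says finger does not perform; a consumer
    that bounds its input this way never sees more than `limit` bytes.
    """
    return field[:limit]


def audit_passwd(text: str, limit: int = GECOS_LIMIT) -> Tuple[List[GecosFinding], List[int]]:
    """Scan passwd-format text.

    Returns (findings, malformed): accounts whose gecos exceeds `limit`, and
    the 1-based line numbers of records that do not have exactly seven fields.
    """
    findings: List[GecosFinding] = []
    malformed: List[int] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append(lineno)
            continue
        user, gecos = fields[0], fields[4]
        if len(gecos) > limit:
            findings.append(GecosFinding(user, len(gecos), parse_gecos(gecos)))
    return findings, malformed


if __name__ == "__main__":
    found, bad = audit_passwd(SAMPLE_PASSWD)
    for f in found:
        print(f"{f.user}: gecos is {f.length} chars (limit {GECOS_LIMIT}); "
              f"name={f.subfields[0][:20]!r}...")
    for n in bad:
        print(f"line {n}: malformed record (expected 7 fields)")
```

Run it against a copy of the real file by replacing `SAMPLE_PASSWD` with the contents of `/etc/passwd`; any account it lists is one whose gecos would be handed to finger unbounded. `bounded_gecos` illustrates the length cap a consumer should apply to the field before formatting it, which is the behaviour the post notes is absent.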
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:20:00 PDT