[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: fingerd
From:       Jeremy Rauch <jrauch () SECURITYFOCUS ! COM>
Date:       2000-04-27 22:35:06
[Download RAW message or body]

On Thu, Apr 27, 2000 at 02:06:06PM +0300, Psarras Nikos wrote:
> I am new on the list so i dont know if you knew that.
>
> On Irix 6.4 with all patches installed the fingerd seems to like to
> display the shadow file to all users.
>
> >ln -s /etc/shadow /path/user/.plan
> >finger user@irix64.show.shadow
>
>
> This feature was found by a student -Zanikolas Serafim- while he was
> reading a 9 years old system administrator's book.

I find this very very hard to believe.  6.5 and 6.2 are not vulnerable.
Both run fingerd as 'guest'

finger  stream  tcp     nowait  guest   /usr/etc/fingerd        fingerd

making it impossible for finger to return the shadow.  Unless someone
at SGI went and changed fingerd to run as root for the 6.4 release, and
fixed it for 6.5, something is amiss here.  6.4 isn't a release I've been
able to find someone running, however...
Have you checked the permissions on /etc/shadow?
-Jeremy

[prev in list] [next in list] [prev in thread] [next in thread]