From owner-freebsd-hackers Mon Mar 13 14:50:23 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id OAA01127 for hackers-outgoing; Mon, 13 Mar 1995 14:50:23 -0800
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA01121 for ; Mon, 13 Mar 1995 14:50:20 -0800
Received: by sequent.kiae.su id AA06644 (5.65.kiae-2 ); Tue, 14 Mar 1995 01:34:48 +0300
Received: by sequent.KIAE.su (UUMAIL/2.0); Tue, 14 Mar 95 01:34:46 +0300
Received: (from ache@localhost) by astral.msk.su (8.6.8/8.6.6) id BAA00285; Tue, 14 Mar 1995 01:34:43 +0300
To: Remy CARD , hackers@FreeBSD.org
References: <199503131944.UAA10022@hebe.ibp.fr>
In-Reply-To: <199503131944.UAA10022@hebe.ibp.fr>; from Remy CARD at Mon, 13 Mar 1995 20:44:27 +0100 (MET)
Message-Id:
Organization: Olahm Ha-Yetzirah
Date: Tue, 14 Mar 1995 01:34:42 +0300
X-Mailer: Mail/@ [v2.32 FreeBSD]
From: "Andrey A. Chernov, Black Mage"
X-Class: Fast
Subject: Re: finger @ bug (fwd)
Lines: 40
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 1659
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

In message <199503131944.UAA10022@hebe.ibp.fr> Remy CARD writes:

> This has just been sent to the linux-security mailing list. Since
>the FreeBSD's fingerd also has the bug, could someone please integrate the
>fix?

>Forwarded message:
>> Subject: finger @ bug
>> To: linux-security@tarsier.cv.nrao.edu
>> Date: Mon, 13 Mar 1995 14:58:31 +0100 (MEZ)
>> From: Marek Michalkiewicz
>>
>> Hi,
>>
>> in.fingerd has a bug which allows "recursive" fingering. For example:
>>
>> finger user@host.other.domain@host.domain
>>

This one isn't a bug but an old, known routing feature; the bug itself
is to issue

finger @@@@@@@@@@@@@@@@@@@@@@@@ ... 200 times ... @@@@@@@@@@@@@@@host

It causes 200 fingerd to start on the specified host.
Using this in a loop causes a full process table on the remote host.

>> The bug is known for quite some time, and is not Linux-specific (it exists
>> at least in SunOS, Solaris, SCO, IRIX, FreeBSD - but has been fixed in HP-UX
>> for example). It has some security implications: if you only allow finger
>> access from local domain, you must do this on all machines in local domain.
>> and it makes denial of service attack possible, especially on smaller Linux
>> boxes (by forking lots of processes).
>>

You can easily avoid this bug by specifying the -s key for fingerd.
It is already done in the default inetd.conf for FreeBSD.

--
Andrey A. Chernov        : And I rest so composedly, /Now, in my bed,
ache@astral.msk.su       : That any beholder /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me, /Thinking me dead.
RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849
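
Added example, not part of the original message and not code from FreeBSD's or any other fingerd: one way a finger daemon can bound the relaying discussed in this thread is to count the '@' hops in the request line before acting on it. The names finger_classify, finger_verdict and FINGER_MAX_LINE, the 256-byte cap and the sample requests are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not code from any real fingerd. */
enum finger_verdict { FINGER_LOCAL, FINGER_FORWARD, FINGER_REJECT };

#define FINGER_MAX_LINE 256   /* assumed cap on request length */

/* Classify one request line (NUL-terminated, may end in CRLF).
 * allow_forward == 0 refuses every query that names a relay host. */
enum finger_verdict finger_classify(const char *line, int allow_forward)
{
    size_t len, i, hops = 0;

    if (line == NULL)
        return FINGER_REJECT;
    len = strcspn(line, "\r\n");          /* drop the line terminator */
    if (len >= FINGER_MAX_LINE)
        return FINGER_REJECT;             /* oversized request */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c < 0x20 || c == 0x7f)
            return FINGER_REJECT;         /* control bytes are never valid */
        if (c == '@')
            hops++;                       /* each '@' asks for one more relay */
    }
    if (hops == 0)
        return FINGER_LOCAL;              /* answered on this host only */
    if (!allow_forward || hops > 1 || line[len - 1] == '@')
        return FINGER_REJECT;             /* no relaying, no chains, no empty host */
    return FINGER_FORWARD;                /* single hop: forwarded text has no '@' */
}

int main(void)
{
    /* Constructed sample requests. */
    const char *samples[] = { "user\r\n", "user@host.other.domain\r\n",
                              "user@host.other.domain@host.domain\r\n",
                              "@@@@host\r\n" };
    static const char *names[] = { "LOCAL", "FORWARD", "REJECT" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("forward=off %-8s forward=on %-8s %s",
               names[finger_classify(samples[i], 0)],
               names[finger_classify(samples[i], 1)], samples[i]);
    return 0;
}
```

With forwarding off, every request containing '@' is refused before any child process is started; with forwarding on, only a single hop is relayed, so a chain cannot multiply daemons.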