Date: Thu, 8 Jan 1998 19:10:04 -0800 (PST) From: Marc Slemko <marcs@znep.com> To: freebsd-bugs Subject: Re: bin/5434: "backdoor" in fingerd allows execution of commands Message-ID: <199801090310.TAA02233@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/5434; it has been noted by GNATS. From: Marc Slemko <marcs@znep.com> To: fosters@dvalley.demon.co.uk Cc: FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/5434: "backdoor" in fingerd allows execution of commands Date: Thu, 8 Jan 1998 17:47:41 -0700 (MST) On Mon, 5 Jan 1998 fosters@dvalley.demon.co.uk wrote: > >Description: > > When finger'ing a username surrounded by ` marks, fingerd will execute > the command enclosed in the ` marks. > > >How-To-Repeat: > > At a shell prompt type: > > % finger `ls` No. Your shell is interpreting the backtics. > > Will give a directory listing of the current directory. If you telnet > to port 79, you can use it almost like a shell.. e.g. > > % telnet localhost 79 > > then type: > > `rm -R /` > > and say goodbye to /. fingerd was running as root on my system, bad Go ahead and try it. It won't work. BTW, I don't think it is fingerd running as root. If anything, it is you running as root when you try it from a shell prompt. If fingerd is running as root, then you probably changed it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801090310.TAA02233>