From owner-freebsd-bugs Thu Jan 8 19:16:34 1998 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id TAA02464 for bugs-outgoing; Thu, 8 Jan 1998 19:11:50 -0800 (PST) (envelope-from owner-freebsd-bugs) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA02352; Thu, 8 Jan 1998 19:10:53 -0800 (PST) (envelope-from jmg@FreeBSD.org) From: John-Mark Gurney Received: (from jmg@localhost) by freefall.freebsd.org (8.8.6/8.8.5) id RAA05704; Thu, 8 Jan 1998 17:04:04 -0800 (PST) Date: Thu, 8 Jan 1998 17:04:04 -0800 (PST) Message-Id: <199801090104.RAA05704@freefall.freebsd.org> To: fosters@dvalley.demon.co.uk, jmg@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: bin/5434 Sender: owner-freebsd-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Synopsis: "backdoor" in fingerd allows execution of commands State-Changed-From-To: open-closed State-Changed-By: jmg State-Changed-When: Thu Jan 8 17:01:24 PST 1998 State-Changed-Why: sounds like you must not of upgraded your inetd.conf... all three of the 2.2.1-R boxes, one of the 2.2-stable boxes, and the -current source all show that fingerd is run by nobody... and in your example, I couldn't even get a directory listing like you said... the closest was when I ran finger `ls`, which gave me an error saying finger: xxx no such user found for most of the files in my directory... telneting directly to 79 results in: hydrogen,ttyq3,~,501$telnet localhost 79 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. `ls` finger: `ls`: no such user Connection closed by foreign host.