Date: Thu, 8 Jan 1998 17:04:04 -0800 (PST) From: John-Mark Gurney <jmg@FreeBSD.ORG> To: fosters@dvalley.demon.co.uk, jmg@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: bin/5434 Message-ID: <199801090104.RAA05704@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
Synopsis: "backdoor" in fingerd allows execution of commands State-Changed-From-To: open-closed State-Changed-By: jmg State-Changed-When: Thu Jan 8 17:01:24 PST 1998 State-Changed-Why: sounds like you must not of upgraded your inetd.conf... all three of the 2.2.1-R boxes, one of the 2.2-stable boxes, and the -current source all show that fingerd is run by nobody... and in your example, I couldn't even get a directory listing like you said... the closest was when I ran finger `ls`, which gave me an error saying finger: xxx no such user found for most of the files in my directory... telneting directly to 79 results in: hydrogen,ttyq3,~,501$telnet localhost 79 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. `ls` finger: `ls`: no such user Connection closed by foreign host.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199801090104.RAA05704>