Re: Solaris finger bug

2007-07-28 Thread Joep Vesseur
Jim Mellander wrote:

> Does anyone know of other platforms which exhibit this odd behavior?

No, I think this is a Solaris-particular bug. I'd suggest blocking finger requests to these old[1] hosts, or turning off the finger daemon altogether...

Joep

[1] After all, Solaris 7 is from '98...

Re: [BLACKLIST] [Full-disclosure] Solaris telnet vulnerability - how many on your network?

2007-02-15 Thread Joep Vesseur
Gadi,

[...]

> One note: although it could just as well be a bug, who says it was not a backdoor in the early 90's? Also, I understand this does not work on older Solaris/SunOS systems (anyone can verify?)

I can. It is not present in anything before Solaris 10.

> which adds to my personal

Re: in.fingerd follows sym-links on Solaris 8

2001-05-28 Thread Joep Vesseur
Lukasz, I think about a case where a CGI script saves some important information in a temporary file, like PHP does with the sessions:

-rw--- 1 nobody nobody 329 May 14 12:16 /tmp/sess_0cd156a633

When you have installed in.fingerd, and the in.fingerd is vulnerable, all local