cfingerd vulnerability

Rodrigo Barbosa (rodrigob@MORCEGO.LINKWAY.COM.BR)
Fri, 23 May 1997 22:45:04 -0300

        i don't know if it has been noticed before, but cfingerd installs,
by default, a search service. You can use it as:

finger search.username@host

Thats ok, but you can use keymasks. And if you do:

finger search.*@host

you can get a list of all the users in the system.

I've tried it if cfinger 1.2.2 (probably it is not the latest version).

Rodrigo Barbosa       (Personal e-mail: )
Network Administrator (Work e-mail    : )
PGP Key,HomePage address etc: finger
PGP Fingerprint: [ D9 15 02 9E 72 32 5A 0A  AC F0 DA 11 6A 4C A3 12 ]
   --> Except where explicitly stated I speak on my own behalf. <--

This archive was generated by hypermail 2.0b3 on Sun Aug 08 1999 - 09:37:11 CEST