[UNIX] Solaris Fingerd Discloses Complete User List

From: support@securiteam.com
Date: 10/23/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [UNIX] Solaris Fingerd Discloses Complete User List
Message-Id: <20011023184136.C5B10138BF@mail.der-keiler.de>
Date: Tue, 23 Oct 2001 20:41:36 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Solaris Fingerd Discloses Complete User List
------------------------------------------------------------------------

SUMMARY

Under certain circumstances the command "/usr/bin/finger" can divulge too
much user account information, specifically a complete list of all account
names on a remote system.

DETAILS

Vulnerable systems:
Sparc:
 * Solaris 2.4
 * Solaris 2.5 without patch 111251-01
 * Solaris 2.5.1 without patch 111279-01
 * Solaris 2.6 without patch 111236-01
 * Solaris 7 without patch 111238-01
 * Solaris 8 (pre 07/01) or without patch 111232-01

Intel:
 * Solaris 2.4
 * Solaris 2.5 without patch 111252-01
 * Solaris 2.5.1 without patch 111280-01
 * Solaris 2.6 without patch 111237-01
 * Solaris 7 without patch 111239-01
 * Solaris 8 (pre 07/01) without patch 111233-01

Workaround:
The following T-patches are available through normal support channels for
the following releases:

Sparc:
 * Solaris 2.4: T-patch T111315-01, estimated official patch release date: June 2001

Intel:
 * Solaris 2.4: T-patch T111429-01, estimated official patch release date: June 2001
 * Solaris 2.5: T-patch T111252-01, estimated official patch release date: June 2001

Resolution:
This issue is addressed in the following URL:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=salert%2F27116
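
The vulnerable-systems and patch lists above translate directly into a host audit. The following script is an added example, not part of the original advisory or of Sun's tooling: it takes the output of `uname -p`, `uname -r` and `showrev -p` plus the contents of /etc/inet/inetd.conf, and reports whether in.fingerd is still enabled on a release that lacks the official patch. The patch table is copied from the advisory; the "Patch: <id>-<rev>" line format of `showrev -p` and the inetd.conf layout are assumptions, and all sample inputs are constructed.

```python
import re

# Official patch per (processor type from `uname -p`, kernel release from
# `uname -r`), copied from the advisory. Solaris 2.4 (SunOS 5.4) has only
# T-patches listed, so it is deliberately absent from this table.
REQUIRED_PATCH = {
    ("sparc", "5.5"):   "111251-01",
    ("sparc", "5.5.1"): "111279-01",
    ("sparc", "5.6"):   "111236-01",
    ("sparc", "5.7"):   "111238-01",
    ("sparc", "5.8"):   "111232-01",
    ("i386", "5.5"):    "111252-01",
    ("i386", "5.5.1"):  "111280-01",
    ("i386", "5.6"):    "111237-01",
    ("i386", "5.7"):    "111239-01",
    ("i386", "5.8"):    "111233-01",
}

# Assumed `showrev -p` line shape: "Patch: 111232-01 Obsoletes: ... Packages: ..."
PATCH_LINE = re.compile(r"^Patch:\s+(\d{6})-(\d{2})\b")


def installed_patches(showrev_output):
    """Map base patch id -> highest installed revision seen in `showrev -p`."""
    revs = {}
    for line in showrev_output.splitlines():
        m = PATCH_LINE.match(line.strip())
        if m:
            base, rev = m.group(1), int(m.group(2))
            revs[base] = max(rev, revs.get(base, 0))
    return revs


def has_patch(showrev_output, patch_id):
    """True if patch_id, or a later revision of the same patch, is installed."""
    base, rev = patch_id.split("-")
    return installed_patches(showrev_output).get(base, 0) >= int(rev)


def finger_enabled(inetd_conf):
    """True if an uncommented 'finger' service line is present in inetd.conf."""
    for line in inetd_conf.splitlines():
        fields = line.split()
        if fields and fields[0] == "finger":
            return True
    return False


def audit(processor, release, showrev_output, inetd_conf):
    """Return one of: 'not exposed', 'patched', 'vulnerable', 'unknown release'."""
    if not finger_enabled(inetd_conf):
        return "not exposed"          # no daemon, nothing to query remotely
    required = REQUIRED_PATCH.get((processor, release))
    if required is None:
        return "unknown release"      # 2.4 (T-patch only) or a release not in the advisory
    return "patched" if has_patch(showrev_output, required) else "vulnerable"


# Constructed sample inputs, not data from a real host.
SAMPLE_SHOWREV = (
    "Patch: 100000-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcar\n"
    "Patch: 111232-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu\n"
)
SAMPLE_INETD = (
    "# FINGER - remote user information\n"
    "finger\tstream\ttcp\tnowait\tnobody\t/usr/sbin/in.fingerd\tin.fingerd\n"
)
SAMPLE_INETD_DISABLED = SAMPLE_INETD.replace("\nfinger", "\n#finger")

if __name__ == "__main__":
    print(audit("sparc", "5.8", SAMPLE_SHOWREV, SAMPLE_INETD))            # patched
    print(audit("sparc", "5.8", "", SAMPLE_INETD))                        # vulnerable
    print(audit("sparc", "5.8", SAMPLE_SHOWREV, SAMPLE_INETD_DISABLED))   # not exposed
```

On a live system the three inputs come from `uname -p`, `uname -r`, `showrev -p` and `cat /etc/inet/inetd.conf`; the revision comparison means a later revision of the same patch (for example a hypothetical 111232-02) also counts as fixed.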

Exploit:
Running the following command:
$ finger 'a b c d e f g h'@sunhost
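
The request that the command above puts on the wire is a single line of several space-separated names followed by CRLF, which is easy to tell apart from the one-user queries a finger service normally serves. The following detector is an added example, not code from the advisory or from Solaris: it parses finger (TCP/79) request lines captured from the network or from a logging wrapper in front of in.fingerd, using the RFC 1288 query shape (optional `/W`, optional user, CRLF), and flags sources that issue multi-name queries. The request lines and source addresses are constructed.

```python
def parse_finger_request(payload):
    """Split one raw finger request line into its RFC 1288 parts.

    Returns a dict with 'verbose' (the /W switch was present), 'targets'
    (whitespace-separated user tokens) and 'forwarded' (a user@host token,
    i.e. a request to relay the query to another host).
    """
    text = payload.decode("ascii", errors="replace").rstrip("\r\n")
    tokens = text.split()
    verbose = False
    if tokens and tokens[0] == "/W":
        verbose = True
        tokens = tokens[1:]
    return {
        "verbose": verbose,
        "targets": tokens,
        "forwarded": any("@" in t for t in tokens),
    }


def classify_finger_request(payload):
    """Label a request line by the kind of answer it asks the daemon for."""
    query = parse_finger_request(payload)
    count = len(query["targets"])
    if count == 0:
        return "user-list"      # empty query: who is currently logged in
    if query["forwarded"]:
        return "forwarding"     # user@host relay request
    if count == 1:
        return "single-user"    # the normal case
    return "multi-name"         # several names in one query, as in this advisory


def suspicious_sources(requests):
    """Return the sorted set of sources that sent a multi-name query.

    `requests` is an iterable of (source, payload_bytes) pairs, for example
    reassembled from a packet capture of port 79 traffic.
    """
    return sorted({src for src, payload in requests
                   if classify_finger_request(payload) == "multi-name"})


# Constructed sample capture: (source address, raw request line).
SAMPLE_REQUESTS = [
    ("192.0.2.10", b"root\r\n"),
    ("192.0.2.10", b"/W root\r\n"),
    ("192.0.2.11", b"\r\n"),
    ("192.0.2.12", b"a b c d e f g h\r\n"),
    ("192.0.2.13", b"operator@other.example\r\n"),
]

if __name__ == "__main__":
    for src, payload in SAMPLE_REQUESTS:
        print(src, classify_finger_request(payload))
    print("multi-name queries from:", suspicious_sources(SAMPLE_REQUESTS))
```

The empty query is listed separately because RFC 1288 defines it as a legitimate "who is logged in" request; whether it is acceptable on a given host is a policy decision, whereas the multi-name shape has no ordinary client use and is the one to alert on.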

ADDITIONAL INFORMATION

The information has been provided by warning3 <warning3@nsfocus.com>.
