[Snort-sigs] Documentation: SID 324
ddavidson at ...1674...
Fri Jul 18 05:37:12 EDT 2003
FINGER null request
Finger Null Request: A null character in a Finger request can cause some
systems to respond with a list of all usernames on the system.
Disclosure of usernames is an Information Gathering risk. The remote
user can use this information in other exploits that require knowing
user names, or as a basis for social engineering.
A packet is transmitted to server port 79 (Finger) with a null character
in the data. Some Unix finger commands will respond with a full list of
usernames. A remote attacker could use this information for other
exploits, including dictionary-based password attacks and social
UNIX (version unknown)
Ease of Attack:
Disable finger command in inetd.conf, or block untrusted access to port 79.
Documentation - Darryl Davidson <ddavidson at ...1674...>
Additional References: CVE-1999-0612,
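
An added example, not part of the original post or of the Snort documentation: a shell check for the corrective action above that lists the finger entries still enabled in an inetd.conf-style file and prints a copy with them commented out. The helper name `finger_scan`, the sample file and the accepted spellings of the service field (`finger`, `79`, optional `address:` prefix) are assumptions.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for an enabled finger service.
# Assumption: the first field is the service, written as "finger", the port
# number "79", or either one behind an optional "address:" prefix.

# Constructed sample configuration (not taken from a real host).
sample_inetd_conf() {
cat <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
#finger stream  tcp6 nowait  nobody  /usr/sbin/tcpd  in.fingerd
  79    stream  tcp  nowait  nobody  /usr/sbin/in.fingerd in.fingerd
fingerprintd stream tcp nowait root  /usr/local/sbin/fpd fpd
EOF
}

# finger_scan MODE FILE (hypothetical helper name)
#   list    -> print "LINE: entry" for every active finger entry
#   disable -> print the whole file with those entries commented out
finger_scan() {
    awk -v mode="$1" '
        { hit = 0 }
        !/^[ \t]*#/ && NF > 0 {          # ignore comments and blank lines
            svc = $1
            sub(/^.*:/, "", svc)         # drop an optional "address:" prefix
            hit = (svc == "finger" || svc == "79")
        }
        mode == "list" && hit { print NR ": " $0 }
        mode == "disable" { prefix = hit ? "#" : ""; print prefix $0 }
    ' "$2"
}

# Demonstration on the constructed sample.
conf=$(mktemp)
sample_inetd_conf > "$conf"
echo "Active finger entries:"
finger_scan list "$conf"
echo "Proposed replacement:"
finger_scan disable "$conf"
rm -f "$conf"
```

After installing the edited file, inetd has to re-read its configuration (it does so on SIGHUP) before port 79 stops being served.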