[Snort-sigs] Documentation: SID 324

Darryl Davidson ddavidson at ...1674...
Fri Jul 18 05:37:12 EDT 2003


Rule:

FINGER null request

--
Sid:

324

--
Summary:

Finger Null Request: A null character in a Finger request can cause some 
systems to respond with a list of all usernames on the system.

--
Impact:

Disclosure of usernames is an Information Gathering risk.  The remote 
user can use this information in other exploits that require knowing 
user names, or as a basis for social engineering.

--
Detailed Information:

A packet is transmitted to server port 79 (Finger) with a null character 
in the data.  Some Unix finger commands will respond with a full list of 
usernames.  A remote attacker could use this information for other 
exploits, including dictionary-based password attacks and social 
engineering attempts.

--
Affected Systems:

UNIX (version unknown)

--
Attack Scenarios:

--
Ease of Attack:

Trivial

--
False Positives:

None known

--
False Negatives:

Unknown

--
Corrective Action:

Disable finger command in inetd.conf, or block untrusted access to port 79.

--
Contributors:

Documentation - Darryl Davidson <ddavidson at ...1674...>

-- 
Additional References: CVE-1999-0612, 
http://www.whitehats.com/info/IDS377 (Arachnids,377)





More information about the Snort-sigs mailing list