[Snort-sigs] Documentation: SID 324

Darryl Davidson ddavidson at ...1674...
Fri Jul 18 05:37:12 EDT 2003


FINGER null request




Finger Null Request: A null character in a Finger request can cause some 
systems to respond with a list of all usernames on the system.


Disclosure of usernames is an Information Gathering risk.  The remote 
user can use this information in other exploits that require knowing 
user names, or as a basis for social engineering.

Detailed Information:

A packet is transmitted to server port 79 (Finger) with a null character 
in the data.  Some Unix finger commands will respond with a full list of 
usernames.  A remote attacker could use this information for other 
exploits, including dictionary-based password attacks and social 
engineering attempts.

Affected Systems:

UNIX (version unknown)

Attack Scenarios:

Ease of Attack:


False Positives:

None known

False Negatives:


Corrective Action:

Disable finger command in inetd.conf, or block untrusted access to port 79.


Documentation - Darryl Davidson <ddavidson at ...1674...>

Additional References: CVE-1999-0612, 
http://www.whitehats.com/info/IDS377 (Arachnids,377)

More information about the Snort-sigs mailing list