发布时间 :1999-04-23 00:00:00
修订时间 :2005-10-20 00:00:00

[原文]The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses.


[机译]ffingerd 1.19允许远程攻击者在目标系统上根据其反应来识别用户。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD

- 其它链接及资源

- 漏洞信息 (20327)

GNU Ffingerd 1.19 Username Validity Disclosure Vulnerability (EDBID:20327)
unix remote
1999-08-23 Verified
0 Eilon Gishri
N/A [点击下载]

A vulnerability in Ffingerd version 1.19, the popular remote user-information server, which allows a remote user to determine whether or not a given username exists on the system.

Normally, if a user has declined to be open to finger requests, a finger attempt will elicit this response: 

'That user does not want to be fingered'

However, if a remote user attempts to finger a nonexistent username, the attempt will return the default message:

'That user does not want to be fingered.'

The extra '.' at the end of the second message reveals that the message was generated as a result of an attempt to finger a nonexistent user, as opposed to one who simply does not wish to be fingered. As a result, an attacker familiar with the discrepancy between the two failure message strings will be able to test the validity of usernames. Having this information can assist an attacker in carrying other compromises of system security.

finger username@host		

- 漏洞信息

ffingerd .nofinger Remote User Enumeration
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- 漏洞描述

ffingerd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user creates a .nofinger file in his home directory to prevent finger attempts. This instructs ffingerd to return the message, "The user does not wish to be fingered," without a trailing period. This message is different from the message generated when a user does not exist at all, which does include the trailing period.

- 时间线

1999-04-23 Unknow
1999-04-23 Unknow

- 解决方案

Upgrade to version 1.20 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: remove the world execute permissions from your home directory using chmod. See the chmod man page for details.

- 相关参考

- 漏洞作者