[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pinky command

From: Alfred M. Szmidt
Subject: Re: Pinky command
Date: Thu, 12 Nov 2009 18:27:00 -0500

   > The list of uids are already public in the /etc/passwd file.  That file
   > is already world readable.  Therefore it isn't clear to me how using
   > another command makes this a vulnerability.

   Using fingerd, this could disclose login names to remote attackers.
   This, of course, does not apply to local invokation of some tool that
   uses normal user privileges.

But running fingerd already discloses login names, that is the whole
point of finger.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]