‘Solaris 2.7 allows finger bouncing’

Summary

‘Solaris 2.7, (described by Sun Microsystems as ‘a complete network computing environment, supporting a 64-bit environment, mainframe-class reliability features, enhanced PC interoperability, easier installation, administration and configuration’) is vulnerable to an attack called Finger Bouncing, which make the target system a relay host for finger requests.’

Credit:

‘The vulnerability was found by: spoon.
Solaris’s home page can be found at:
http://www.sun.com/solaris/.
Sun’s home can be found at:
http://www.sun.com.’


Details

‘By sending a special ~~finger~~ request (Finger is defined by RFC 1288) to a Solaris 2.7 system, the Solaris operating system relays a finger request as if it were sent from that machine.

Issuing the following command on any UNIX compatible system:
# finger -l @host-b@host-a

(where host-a runs Solaris 2.7), will return a finger query on host-b, but host-a will be the host that actually performs the query.

This of course can be quite easily used for malicious intentions.’

Categories: Exploits