 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.10788 |
| Categoría: | Finger abuses |
| Título: | Solaris finger disclosure |
| Resumen: | NOSUMMARY |
| Descripción: | Description: There is a bug in the remote finger service which, when triggered, allows a user to force the remote finger daemon to display the list of the accounts that have never been used, by issuing the request : finger 'a b c d e f g h'@target This list will help an attacker to guess the operating system type. It will also tell him which accounts have never been used, which will often make him focus his attacks on these accounts. Solution : disable the finger service in /etc/inetd.conf and restart the inetd process, or apply the relevant patches from Sun Microsystems. Risk factor : Medium |
| Referencia Cruzada: |
BugTraq ID: 3457 Common Vulnerability Exposure (CVE) ID: CVE-2001-1503 http://www.securityfocus.com/bid/3457 http://sunsolve.sun.com/search/document.do?assetkey=1-26-27116-1 http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0016.html XForce ISS Database: solaris-fingerd-list-accounts(7334) https://exchange.xforce.ibmcloud.com/vulnerabilities/7334 |
| Copyright | This script is Copyright (C) 2001 Renaud Deraison |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |