DG/UX in.fingerd Remote Command Execution Vulnerability
BID:2220
Info
| Bugtraq ID: | 2220 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 11 1997 12:00AM |
| Updated: | Aug 11 1997 12:00AM |
| Credit: | Reported to Bugtraq by George Imburgia <[email protected]> on Mon, Aug 11, 1997. |
| Vulnerable: | Data General DG/UX 5.4 4.11 MU02 |
| Not Vulnerable: | Data General DG/UX 5.4 4.11 MU03 |
Discussion
Data General DG/UX in.fingerd Remote Arbitrary Command Vulnerability
The version of fingerd in Data General's DG/UX version 5.4R4.11MU02 fails to eliminate shell metacharacters in finger requests from remote users. As a result, a suitably formed request can cause arbitrary commands contained in it to be run with root privilege.
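The missing check, sketched as an added example (not DG/UX source and not part of the original advisory): a request line is checked against an allowlist and turned into an argument vector for execv(), so no shell ever sees it. The function names, the 32-character limit, the mapping of the RFC 1288 `/W` token to the BSD `finger -l` option, and the choice to refuse `user@host` forwarding are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_USER 32   /* assumed upper bound on a login name */

/* Strip the trailing CR/LF of a finger request line, in place. */
static void chomp(char *s) {
    s[strcspn(s, "\r\n")] = '\0';
}

/* Return 1 if `user` holds only characters a login name may contain.
 * Allowlist, not denylist: anything outside [A-Za-z0-9._-] is refused,
 * which covers ; | & ` $ ( ) < > quotes, whitespace and control bytes. */
static int user_ok(const char *user) {
    size_t n = strlen(user);
    if (n == 0 || n > MAX_USER || user[0] == '-')
        return 0;               /* leading '-' would read as an option */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Parse one request line into an argv for execv(), never for a shell.
 * Accepts "", "user", "/W" and "/W user"; refuses forwarding ("user@host").
 * Returns the argument count, or -1 if the request must be rejected. */
int build_finger_argv(char *line, char *argv[4]) {
    int argc = 0;
    chomp(line);
    argv[argc++] = "finger";
    if (strncmp(line, "/W", 2) == 0 && (line[2] == ' ' || line[2] == '\0')) {
        argv[argc++] = "-l";
        line += 2;
        while (*line == ' ') line++;
    }
    if (*line != '\0') {
        if (!user_ok(line))
            return -1;
        argv[argc++] = line;
    }
    argv[argc] = NULL;
    return argc;
}
```

A daemon using this would close the connection on -1 and otherwise pass `argv` directly to execv(), ideally after dropping root privilege.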
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].