COMMAND

    fingerd

SYSTEMS AFFECTED

    Solaris 2.5.1, 2.6  (SPARC and x86)

PROBLEM

    Fiji posted following.   Well it seems  that Sun reintroduced  the
    finger forwarding and finger DoS into Solaris 2.5.1 and 2.6.  Try:

        finger @host@host@host....145 times....

    This should run the # of processes in excess of 1500 and shoot the
    system  load  up  to  at  least  13.5.   You  can also do a finger
    @hosta@hostb where hostb is a  machine running 2.5.1 or 2.6.

SOLUTION

    The bug id is  4161606 but yet there  is no patch available.   The
    two 2.5.1 machines  tested don't have  this problem so  you should
    test yourself.  There's a quite simple workaround (BTW, one finger
    can't create 1500  processes; there's a  buffer of 512  characters
    and you get at  most 512 /(1+lenghtofhostname)*2 processes.)   The
    quick  fix  is  to  set  the  number  of  processes  per user to a
    acceptable value by editing /etc/system:

        set maxuprc = 50

    This will limit  the number of  processes per user  (not including
    root, but including nobody) to a small value.  For certain setups,
    you can pick a larger system.   If you dont' want to reboot,  it's
    bit harder, but try:

        adb -wk
        v+0x1c/W<num>