COMMAND

    fingerd

SYSTEMS AFFECTED

    Most UNIXes running fingerd

PROBLEM

    Remote fingering allows one to finger through machines like so:

    evil/~> finger johndoe@victim.com@target.com

    To victim.com, this appears as johndoe being fingered by someone
    at target.com.  Since fingerd forwards queries of this form, a
    hacker could do:

    evil/~> finger johndoe@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@victim.com

    This would cause victim.com to finger itself recursively.

    If victim.com fingers itself recursively enough, eventually
    memory, swap space, and then hard drive space will fill up,
    causing the machine to crash.

SOLUTION

    Disable fingerd by commenting out the finger line in inetd.conf,
    then send the inetd process a hangup signal (kill -HUP) so that it
    re-reads its configuration.
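
    The fix above as a script, added here as an example and not part of
    the original advisory.  It assumes the classic inetd.conf layout
    (service name in the first field) and a pid file at
    /var/run/inetd.pid, which varies by system.

```shell
#!/bin/sh
# Added example: comment out every active "finger" entry in an
# inetd.conf-style file, keep a backup, and HUP inetd afterwards.
# Assumption: the service name is the first whitespace-separated field.

# count_active_finger FILE: print the number of uncommented finger lines.
count_active_finger() {
    awk '$1 == "finger" { n++ } END { print n + 0 }' "$1"
}

# disable_finger FILE: comment out active finger lines, saving FILE.bak.
# Returns 0 if FILE was changed, 1 if nothing was active, 2 on error.
disable_finger() {
    conf=$1
    [ -r "$conf" ] || return 2
    # Idempotent: leave the file and any earlier backup alone if clean.
    [ "$(count_active_finger "$conf")" -gt 0 ] || return 1
    cp -p "$conf" "$conf.bak" || return 2
    # Already-commented lines have "#..." as field 1 and pass through.
    awk '$1 == "finger" { print "#" $0; next } { print }' \
        "$conf.bak" > "$conf" || return 2
    return 0
}

# reload_inetd [PIDFILE]: send SIGHUP so inetd re-reads its configuration.
# The default pid file path is an assumption; adjust for the system.
reload_inetd() {
    pidfile=${1:-/var/run/inetd.pid}
    [ -r "$pidfile" ] || return 2
    kill -HUP "$(cat "$pidfile")"
}

# Run as root, e.g.:  sh disable-finger.sh /etc/inetd.conf
if [ "$#" -gt 0 ]; then
    if disable_finger "$1"; then
        echo "finger disabled in $1 (backup: $1.bak)"
        reload_inetd || echo "could not signal inetd; HUP it by hand" >&2
    else
        echo "no active finger entry in $1, or file unreadable" >&2
        exit 1
    fi
fi
```

    Both tcp and udp finger entries are caught, and a second run changes
    nothing, so the backup always holds the configuration as it was
    before the fix.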