Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:332 |
Message | FINGER 0 query |
Summary | An intelligence gathering attack against the finger daemon |
Impact | The attacker may obtain information about user accounts on the target system. |
Detailed Information | This event is generated when an attempt is made to use a finger command against a host with a username of "0". A finger query against a vulnerable finger daemon may allow the attacker to obtain a list of accounts on the target system with some details for each account where present (such as time and source of the last login). Obtaining a list of accounts might precipitate further attacks such as password guessing, email attacks and other abuse. |
Affected Systems | |
Attack Scenarios | An attacker learns that the "sys" account exists on the system, guesses its password, and gains remote access to the system. |
Ease of Attack | Simple, no exploit software required |
Corrective Action | Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers. |
Additional References | Arachnids: http://www.whitehats.com/info/IDS378, http://www.whitehats.com/info/IDS131; CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0197; Nessus: http://cgi.nessus.org/plugins/dump.php3?id=10069%20(Finger%20zero%20at%20host |
Rule References | arachnids: 131; arachnids: 378; cve: 1999-0197; nessus: 10069 |
--
DID:231965
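
The detection condition described under Detailed Information, written out as an added example (not the Snort rule itself and not code from the original page). It assumes the finger request-line layout of RFC 1288 ("/W" verbose flag, "user@host" forwarding); the function names and sample events are constructed for illustration.

```python
# Added example: flag finger requests whose queried username is exactly "0".
# Request-line layout ("/W" flag, "user@host" forwarding) assumed per RFC 1288.

FINGER_PORT = 79

def queried_users(payload):
    """Return the usernames asked for in the first line of a finger request."""
    line = payload.split(b"\n", 1)[0].decode("latin-1").strip()
    users = []
    for token in line.split():
        if token.upper() == "/W":             # verbose flag, not a username
            continue
        users.append(token.split("@", 1)[0])  # drop any @host forwarding part
    return users

def is_zero_query(payload):
    """True when a queried username is exactly "0", not merely contains it."""
    return "0" in queried_users(payload)

def scan(events):
    """events: (src_ip, dst_port, payload) tuples; return sources to alert on."""
    return [src for src, port, payload in events
            if port == FINGER_PORT and is_zero_query(payload)]

# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE_EVENTS = [
    ("198.51.100.7", 79, b"0\r\n"),                # the query this rule describes
    ("198.51.100.7", 79, b"/W 0\r\n"),             # same query, verbose form
    ("198.51.100.9", 79, b"0@inner.example\r\n"),  # forwarded through a relay
    ("192.0.2.15", 79, b"user10\r\n"),             # contains "0" but is not "0"
    ("192.0.2.15", 79, b"\r\n"),                   # empty query
    ("192.0.2.20", 80, b"0\r\n"),                  # not the finger port
]

if __name__ == "__main__":
    for src in scan(SAMPLE_EVENTS):
        print("FINGER 0 query from", src)
```

Matching on the parsed username rather than on the byte "0" anywhere in the payload keeps ordinary lookups such as "user10" from raising the alert.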