Finger service

finger-running (46)

Low Risk

Description:

The finger service or daemon was detected as running. Finger can give an attacker information, such as logon accounts and trusted hosts. This information could be useful to an attacker in performing an attack.

Platforms Affected:

• Apple, Mac OS
• Cisco, IOS
• Compaq, Tru64
• Data General, DG/UX
• HP, HP-UX
• IBM, AIX
• IBM, OS2
• Linux, Kernel
• Microsoft, Windows 2000
• Microsoft, Windows 2003 Server
• Microsoft, Windows 95
• Microsoft, Windows 98
• Microsoft, Windows 98SE
• Microsoft, Windows Me
• Microsoft, Windows NT 4.0
• Microsoft, Windows XP
• Novell, NetWare
• SCO, SCO Unix
• SGI, IRIX
• Sun, Solaris
• Various vendors, Finger Service
• WindRiver, BSDOS

Remedy:

Disable finger, or install a finger service or daemon that limits the type of information provided.

Windows: The finger service is not native to Windows, but may be present. To stop or disable the service in Windows NT:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Select the service.
3. Click Stop.
4. When the service has stopped, click Startup.
5. Choose one of these options:
• To permanently disable the service, click Disabled.
• To turn the service off unless manually activated by the user or a program, click Manual.
6. Click OK, then click Close.

Unix: Disable the finger daemon or configure the type of information available from finger. Unix systems can use GNU finger available from the GNU finger 1.37 download site. See References.

To disable the finger daemon when started from inetd:

1. Edit the /etc/inetd.conf (or equivalent) file.
2. Locate the line that controls the daemon.
3. Type a # at the beginning of the line to comment out the daemon.
4. Restart inetd.

— OR —

For more information on GNU finger, download the compressed file from the GNU finger 1.37 download site. See References. You will need decompression and untarring utilities to use this file.

Consequences:

Obtain Information

References:

• FTP directory /pub/gnu/finger/ at prep.ai.mit.edu, GNU finger 1.37 download at ftp://prep.ai.mit.edu/pub/gnu/finger/finger-1.37.tar.gz.
• CVE-1999-0612: A version of finger is running that exposes valid user information to any entity on the network.

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page