DG/UX finger shell metacharacters allowed

Risk Level: High risk vulnerability  High

Check or Attack Name: DguxFing
Platforms: DG/UX
Description:

Some older DG/UX finger daemons were vulnerable to shell metacharacter attacks, allowing attackers to execute arbitrary commands through the finger port.
Remedy:

Contact Data General for a patch. This problem has been reported as fixed in revision R4.11MU03 and later of DG/UX.
References:

BUGTRAQ Mailing List, Re: in.fingerd vulnerability, http://www.netspace.org/cgi-bin/wa?A2=ind9708D&L=bugtraq&F=&S=&P=635
X-Force Logo
Know Your Risks