Finger output from common names

Risk Level: Low

Check or Attack Name: Finger Names

Platforms: Any

Description:

Information was obtained by fingering common names. This information is useful to an attacker, especially when attempting to breach a system by social engineering.

Warning: NIS servers under all versions of Sun Solaris may become slow while a finger names check is in progress, possibly preventing user logins. Do not run a finger names check against Solaris machines that run NIS. For more information, see the ISS Security Alert Advisory listed in the references.

Remedy:

Disable finger, or install a finger daemon that limits the type of information provided.

Unix: Disable the finger daemon, or configure the type of information available from finger. Unix systems can use GNU finger, available from ftp://prep.ai.mit.edu/pub/gnu/finger-1.37.tar.gz.

To disable the finger daemon started from inetd, follow these steps:

  1. Edit the /etc/inetd.conf (or equivalent) file.
  2. Locate the line that controls the daemon.
  3. Type a # at the beginning of the line to comment out the daemon.
  4. Restart inetd.
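As an added example (not part of the original advisory), the following POSIX shell script applies steps 1 to 3 above to an inetd.conf-style file in a way that is safe to re-run, and checks the result. The sample configuration lines are constructed for the demonstration, and the function names are assumptions; step 4 (restarting inetd) is left to the operator.

```shell
#!/bin/sh
# Added example, not part of the original advisory: comment out the finger
# entry in an inetd.conf-style file (steps 1-3 of the Unix remedy) and verify
# it. Restarting inetd (step 4) is done separately, e.g. kill -HUP <inetd pid>.

# Comment out every active line whose first field is exactly $2 in file $1.
# Lines already starting with '#' do not match, so running twice is harmless.
# A copy of the original file is kept as $1.bak; the edited content is written
# back through the existing inode so ownership and mode are preserved.
disable_inetd_service() {
    conf="$1"
    service="$2"
    tmp="${conf}.tmp.$$"
    cp -p "$conf" "${conf}.bak" || return 1
    sed "s/^\(${service}[[:space:]]\)/#\1/" "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Exit status 0 if $2 still has an uncommented entry in $1, 1 otherwise.
inetd_service_enabled() {
    grep -q "^${2}[[:space:]]" "$1"
}

# Demonstration on a constructed inetd.conf in a temporary directory
# (sample lines made up for this example; not a real host's configuration).
demo() {
    dir=$(mktemp -d) || return 1
    conf="$dir/inetd.conf"
    printf '%s\n' \
        'ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd' \
        'finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd' \
        '#talk   dgram   udp  wait    root    /usr/sbin/tcpd  in.talkd' \
        > "$conf"
    disable_inetd_service "$conf" finger
    if inetd_service_enabled "$conf" finger; then
        echo "finger is still enabled in $conf"
    else
        echo "finger entry commented out in $conf:"
        grep '^#finger' "$conf"
    fi
    rm -rf "$dir"
}

demo
```

After editing the real /etc/inetd.conf, send inetd its reload signal (or restart it) so the change takes effect, and confirm with `inetd_service_enabled /etc/inetd.conf finger` that no active entry remains.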

—OR—

For more information on GNU finger, see ftp://prep.ai.mit.edu/pub/gnu/finger-1.37.tar.gz.

Windows: The finger service is not native to Windows, but may be present.

Note: The finger service may be included as part of another application, such as Netscape Mail Server.

WARNING: Repeated use of finger can cause a machine to become overloaded, which can cause it to stop responding. An attacker can use this susceptibility to disrupt the network.

To stop or disable the service in Windows NT, follow these steps:

  1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
  2. Select the service.
  3. Click Stop.
  4. When the service has stopped, click Startup.
  5. Choose one of these options:
    • To permanently disable the service, click Disabled.
    • To turn the service off unless manually activated by the user or a program, click Manual.
  6. Click OK, then click Close.

References:

CERT Advisory CA-91.04, Social Engineering, http://www.cert.org/ftp/cert_advisories/CA-91:04.social.engineering

CERT Advisory CA-91.04, Social Engineering, http://www.cert.org/advisories/CA-91.04.social.engineering.html

ISS Security Advisory #2, Distributed DoS Attack against NIS/NIS+ based networks, http://xforce.iss.net/alerts/advise2.php3
