| VID |
15003 |
| Severity |
40 |
| Port |
79 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The remote finger daemon seems to be a backdoor, because it
seems to react to the request :
cmd_rootsh@target
If a root shell has been installed as /tmp/.sh, then this finger daemon is definitely a trojan, and your system has been compromised.
* References:
http://www.sans.org/resources/idfaq/fingerd.php
http://www.iss.net/security_center/static/7269.php |
| Recommendation |
Audit the integrity of your system, since it seems to have been compromised. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
