Finger Backdoor Detection

critical Nessus Plugin ID 10070

Synopsis

The remote finger daemon appears to be a backdoor.

Description

The remote finger daemon seems to be a backdoor, as it seems to react to the request :

cmd_rootsh@target

If a root shell has been installed as /tmp/.sh, then this finger daemon is definitely a trojan, and this system has been compromised.

Solution

Audit the integrity of this system, since it seems to have been compromised

Plugin Details

Severity: Critical

ID: 10070

File Name: finger_backdoor.nasl

Version: Revision: 1.33

Type: remote

Family: Backdoors

Published: 6/22/1999

Updated: 10/21/2015

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Settings/ParanoidReport