The Finger Bug THE FINGER SERVER HAD A VARIABLE USED TO STORE THE REQUEST IT RECEIVED THROUGH THE NETWORK. THE MEMORY USED FOR THE REQUEST COULD HOLD 256 CHARACTERS. THERE WAS NO CHECK TO MAKE SURE THE REQUEST RECEIVED FIT IN 256 CHARACTERS. THE NAME OF THE PROGRAM TO USE TO PROCESS THE REQUEST ("FINGER") WAS KEPT IN MEMORY AFTER THE REQUEST VARIABLE. BY SENDING A VERY LONG REQUEST, THE WORM COULD CHANGE THE NAME OF THE PROGRAM TO BE EXECUTED.

The Web: Technologies and Techniques Links to other course pages: CS 105 Home Page CS 105 Lecture Schedule CS 105 On-line Discussion Group: All discussions Discussion relating to this lecture topic Williams College Department of Computer Science

This page is part of a section of lecture slides related to " The Internet Worm " within the topic "Computer Security: A Case Study?". Other slides within this section and other sections of slides for the topic "Computer Security: A Case Study?" can be accessed using the links below. Paranoia Raising Some Sample Security Problems The Internet Worm The Internet Worm What was "The Worm"? Finding Machine Names How the Worm Broke in Password Guessing The SENDMAIL "Trap Door" The Finger Server Bug Computer Memory Organization Computer Memory and Program Variables Memory Overflow The Finger Bug It Couldn't Happen Again! Could it?