Previous Slide


The Finger Bug

Next Slide

THE FINGER SERVER HAD A VARIABLE USED TO STORE THE REQUEST IT RECEIVED THROUGH THE NETWORK.

  • THE MEMORY USED FOR THE REQUEST COULD HOLD 256 CHARACTERS.

  • THERE WAS NO CHECK TO MAKE SURE THE REQUEST RECEIVED FIT IN 256 CHARACTERS.

  • THE NAME OF THE PROGRAM TO USE TO PROCESS THE REQUEST ("FINGER") WAS KEPT IN MEMORY AFTER THE REQUEST VARIABLE.

  • BY SENDING A VERY LONG REQUEST, THE WORM COULD CHANGE THE NAME OF THE PROGRAM TO BE EXECUTED.
image



The Web:
Technologies and
Techniques


Links to other course pages:


Williams College
Department of Computer Science
This page is part of a section of lecture slides related to " The Internet Worm " within the topic "Computer Security: A Case Study?". Other slides within this section and other sections of slides for the topic "Computer Security: A Case Study?" can be accessed using the links below.
  • Paranoia Raising
  • Some Sample Security Problems
  • The Internet Worm
  • The Internet Worm
  • What was "The Worm"?
  • Finding Machine Names
  • How the Worm Broke in
  • Password Guessing
  • The SENDMAIL "Trap Door"
  • The Finger Server Bug
  • Computer Memory Organization
  • Computer Memory and Program Variables
  • Memory Overflow
  • The Finger Bug
  • It Couldn't Happen Again! Could it?