MidnightBSD

Advisories for efingerd

CVE-2002-0423 HIGH

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
efingerd efingerd 1.6.1
efingerd efingerd 1.3
CVE-2002-0424 MEDIUM

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
efingerd efingerd 1.6.1
efingerd efingerd 1.3