RSS   Vulnerabilities for 'Efingerd'   RSS

2002-08-12
 
CVE-2002-0424

 

 
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

 
 
CVE-2002-0423

 

 
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.

 


Copyright 2024, cxsecurity.com

 

Back to Top