cfingerd Wildcard Argument Information Disclosure
Article ID: 10038
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009 by Tech Pubs S.
Updated: 27 Jan, 2009 by Tech Pubs S.

This script is Copyright (C) 1999-2008 Tenable Network Security, Inc.

Family: Finger abuses
Plugin ID: 10038
Bugtraq ID:
CVE ID: CVE-1999-0259

Description:

The remote host is running cfingerd, a finger daemon.
A bug in the remote cfingerd allows anyone to obtain
the list of users on this system by issuing the command:

    finger search.**@victim

An attacker can in turn use this information to set up
a brute-force login attack against this host.

Solution: use another finger daemon, or disable this service in /etc/inetd.conf.

Risk factor: Low / Medium
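
The Solution line above as a check an administrator can run (an added example, not part of the original plugin text): it finds finger entries that are still enabled in an inetd.conf and returns the file with them commented out. The sample configuration is constructed, the function names are this example's own, and treating the numeric port 79 and an "address:service" prefix as finger entries is an assumption about the inetd variant in use.

```python
# Constructed sample of /etc/inetd.conf (not taken from a real host).
SAMPLE_INETD_CONF = """\
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/sbin/cfingerd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
127.0.0.1:79 stream tcp nowait nobody /usr/sbin/cfingerd cfingerd
"""

# Assumption: the service may be given by name or by its well-known port.
FINGER_NAMES = {"finger", "79"}


def active_finger_entries(conf_text):
    """Return (line_number, line) for every uncommented finger entry."""
    hits = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line, or an entry that is already disabled
        fields = stripped.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        # Some inetd variants accept "address:service"; keep the last part.
        service = fields[0].rsplit(":", 1)[-1].lower()
        if service in FINGER_NAMES:
            hits.append((number, line))
    return hits


def disable_finger(conf_text):
    """Return the config with every active finger entry commented out."""
    targets = {number for number, _ in active_finger_entries(conf_text)}
    out = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        out.append("#" + line if number in targets else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for number, line in active_finger_entries(SAMPLE_INETD_CONF):
        print(f"line {number}: finger service enabled: {line}")
    print(disable_finger(SAMPLE_INETD_CONF), end="")
```

inetd only rereads its configuration when it is restarted or sent SIGHUP, so an edited file has no effect until then.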