{"id": "CVE-1999-0259", "bulletinFamily": "NVD", "title": "CVE-1999-0259", "description": "cfingerd lists all users on a system via search.**@target.", "published": "1997-05-23T04:00:00", "modified": "2008-09-09T12:34:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0259", "reporter": "cve@mitre.org", "references": [], "cvelist": ["CVE-1999-0259"], "type": "cve", "lastseen": "2020-10-03T11:36:55", "edition": 3, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310802323", "OPENVAS:802323"]}, {"type": "nessus", "idList": ["CFINGER_SEARCH.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:32"]}], "modified": "2020-10-03T11:36:55", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-10-03T11:36:55", "rev": 2}, "vulnersScore": 4.9}, "cpe": ["cpe:/a:infodrom:cfingerd:1.2.2"], "affectedSoftware": [{"cpeName": "infodrom:cfingerd", "name": "infodrom cfingerd", "operator": "eq", "version": "1.2.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:infodrom:cfingerd:1.2.2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:infodrom:cfingerd:1.2.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}

{"openvas": [{"lastseen": "2017-09-04T14:20:03", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0259"], "description": "This host is running Cfingerd service and is prone to information\n disclosure vulnerability.", "modified": "2017-08-30T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:802323", "href": "http://plugins.openvas.org/nasl.php?oid=802323", "type": "openvas", "title": "Cfingerd 'search' Command Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cfingerd_search_cmd_info_disc_vuln.nasl 7024 2017-08-30 11:51:43Z teissa $\n#\n# Cfingerd 'search' Command Information Disclosure Vulnerability\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to obtain sensitive information\n that could aid in further attacks.\n Impact Level: Application\";\ntag_affected = \"Cfingerd version 1.2.2\";\ntag_insight = \"The flaw exists due to an error in the finger service which allows to list\n all usernames on the host via 'search.**' command.\";\ntag_solution = \"Upgrade to Cfingerd version 1.2.3 or later\n For updates refer to http://www.infodrom.org/projects/cfingerd/finger.php\";\ntag_summary = \"This host is running Cfingerd service and is prone to information\n disclosure vulnerability.\";\n\nif(description)\n{\n script_id(802323);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-1999-0259\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Cfingerd 'search' Command Information Disclosure Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/1811\");\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/bugtraq/1997_2/0328.html\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Finger abuses\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/finger\", 79);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\n## Get Finger Port\nport = get_kb_item(\"Services/finger\");\nif(!port){\n port = 79;\n}\n\n## Check Port Status\nif(! get_port_state(port)){\n exit(0);\n}\n\n## Open TCP Socket\nsoc = open_sock_tcp(port);\nif(! soc){\n exit(0);\n}\n\n## Confirm Finger\nbanner = recv(socket:soc, length:2048, timeout:5);\nif(banner) {\n exit(0);\n}\n\n## Send And Receive The Response\nsend(socket: soc, data: string(\"search.**\\r\\n\"));\nfingRes = recv(socket:soc, length:2048);\nclose(soc);\n\n## Confirm Vulnerability\nif(\"Finger\" >< fingRes && \"Username\" >< fingRes && \"root\" >< fingRes){\n security_message(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0259"], "description": "This host is running Cfingerd service and is prone to information\n disclosure vulnerability.", "modified": "2018-10-20T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310802323", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802323", "type": "openvas", "title": "Cfingerd 'search' Command Information Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cfingerd_search_cmd_info_disc_vuln.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Cfingerd 'search' Command Information Disclosure Vulnerability\n#\n# Authors:\n# Rachana Shetty <srachana@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802323\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)\");\n script_cve_id(\"CVE-1999-0259\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Cfingerd 'search' Command Information Disclosure Vulnerability\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/1811\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/1997_2/0328.html\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Finger abuses\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/finger\", 79);\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to obtain sensitive information\n that could aid in further attacks.\");\n script_tag(name:\"affected\", value:\"Cfingerd version 1.2.2\");\n script_tag(name:\"insight\", value:\"The flaw exists due to an error in the finger service which allows to list\n all usernames on the host via 'search.**' command.\");\n script_tag(name:\"solution\", value:\"Upgrade to Cfingerd version 1.2.3 or later\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"This host is running Cfingerd service and is prone to information\n disclosure vulnerability.\");\n script_xref(name:\"URL\", value:\"http://www.infodrom.org/projects/cfingerd/finger.php\");\n exit(0);\n}\n\n\nport = get_kb_item(\"Services/finger\");\nif(!port){\n port = 79;\n}\n\nif(! get_port_state(port)){\n exit(0);\n}\n\nsoc = open_sock_tcp(port);\nif(! soc){\n exit(0);\n}\n\nbanner = recv(socket:soc, length:2048, timeout:5);\nif(banner) {\n exit(0);\n}\n\nsend(socket: soc, data: string(\"search.**\\r\\n\"));\nfingRes = recv(socket:soc, length:2048);\nclose(soc);\n\nif(\"Finger\" >< fingRes && \"Username\" >< fingRes && \"root\" >< fingRes){\n security_message(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:54", "bulletinFamily": "software", "cvelist": ["CVE-1999-0259"], "edition": 1, "description": "## Vulnerability Description\ncfingerd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using wildcard arguments within the search function, which will reveal all usernames resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\ncfingerd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using wildcard arguments within the search function, which will reveal all usernames resulting in a loss of confidentiality.\n## Manual Testing Notes\n# finger search.*[victim]\n\nor\n\n# search.**@[victim]\n## References:\nSnort Signature ID: 322\n[Nessus Plugin ID:10038](https://vulners.com/search?query=pluginID:10038)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_2/0328.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/1997_2/0339.html\nISS X-Force ID: 1811\nGeneric Informational URL: http://www.whitehats.com/info/IDS375\n[CVE-1999-0259](https://vulners.com/cve/CVE-1999-0259)\n", "modified": "1997-05-23T00:00:00", "published": "1997-05-23T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:32", "id": "OSVDB:32", "type": "osvdb", "title": "cfingerd Wildcard Argument Information Disclosure", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-01T01:32:03", "description": "The remote host is running 'cfingerd', a finger daemon.\n\nThere is a bug in the remote cfinger daemon that allows a remote\nattacker to get the lists of the users of this system when issuing\nthe command :\n\n finger search.**@victim\n\nThis information can be used by a remote attacker to mount further\nattacks.", "edition": 25, "published": "1999-06-22T00:00:00", "title": "cfingerd Wildcard Argument Information Disclosure", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-1999-0259"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:infodrom:cfingerd"], "id": "CFINGER_SEARCH.NASL", "href": "https://www.tenable.com/plugins/nessus/10038", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif(description)\n{\n script_id(10038);\n script_cve_id(\"CVE-1999-0259\");\n \n script_version (\"1.30\");\n script_name(english:\"cfingerd Wildcard Argument Information Disclosure\");\n script_summary(english:\"finger .@host feature\");\n \n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote finger server has an information disclosure vulnerability.\"\n );\n script_set_attribute( attribute:\"description\", value:\n\"The remote host is running 'cfingerd', a finger daemon.\n\nThere is a bug in the remote cfinger daemon that allows a remote\nattacker to get the lists of the users of this system when issuing\nthe command :\n\n finger search.**@victim\n\nThis information can be used by a remote attacker to mount further\nattacks.\" );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/1997/May/160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://seclists.org/bugtraq/1997/May/171\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"There is no known solution at this time. Use another finger daemon,\nor disable this service in inetd.conf.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"1999/06/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"1997/05/23\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:infodrom:cfingerd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n \n script_copyright(english:\"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.\");\n script_dependencie(\"find_service1.nasl\");\n script_require_ports(\"Services/finger\", 79);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\nport = get_kb_item(\"Services/finger\");\nif(!port)port = 79;\nif(get_port_state(port))\n{\n soc = open_sock_tcp(port);\n if(soc)\n {\n buf = string(\"search.**\\r\\n\");\n\n send(socket:soc, data:buf);\n recv_line(socket:soc, length:2048);\n data = recv_line(socket:soc, length:2048);\n minus = \"----\";\n if(minus >< data)\n {\n\tfor(i=1;i<11;i=i+1){\n\t\tdata = recv_line(socket:soc, length:2048);\n\t\tif(!data)exit(0);\n\t\t}\n\tdata = recv_line(socket:soc, length:2048);\n\tif(data){\n \t\tdata_low = tolower(data);\n \t\tif(data_low && (\"root\" >< data_low)) \n\t\t {\n \t\t security_warning(port);\n\t\t set_kb_item(name:\"finger/search.**@host\", value:TRUE);\n\t\t }\n\t\t}\n }\n close(soc);\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}