Lucene search

[email protected]CVE-2002-0423

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0423

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0423

efingerd 1.5

buffer overflow

denial of service

arbitrary code execution

dns look up

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.

Affected configurations

NVD

Node

efingerdefingerdMatch1.3

efingerdefingerdMatch1.6.1

CPENameOperatorVersion
efingerd:efingerdefingerdeq1.3
efingerd:efingerdefingerdeq1.6.1

CPE	Name	Operator	Version
efingerd:efingerd	efingerd	eq	1.3
efingerd:efingerd	efingerd	eq	1.6.1

References

archives.neohapsis.com/archives/bugtraq/2002-03/0050.html

melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz

www.iss.net/security_center/static/8380.php

www.securityfocus.com/bid/4239

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2002-0423

nvd1 cvelist1