Lucene search

[email protected]CVE-2002-0424

HistoryApr 02, 2003 - 5:00 a.m.

CVE-2002-0424

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2002-0424

efingerd 1.61

privilege escalation

nvd

security vulnerability

efingerd user

local users.

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically “nobody”), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

Affected configurations

NVD

Node

efingerdefingerdMatch1.3

efingerdefingerdMatch1.6.1

CPENameOperatorVersion
efingerd:efingerdefingerdeq1.3
efingerd:efingerdefingerdeq1.6.1

CPE	Name	Operator	Version
efingerd:efingerd	efingerd	eq	1.3
efingerd:efingerd	efingerd	eq	1.6.1

References

archives.neohapsis.com/archives/bugtraq/2002-03/0050.html

melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz

www.iss.net/security_center/static/8381.php

www.securityfocus.com/bid/4240

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2002-0424

cvelist1 nvd1