CVE-2002-0424

2002-08-12T04:00:00
ID CVE-2002-0424
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:27:00

Description

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.