Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.CFINGER_FORMAT_BUG.NASL
HistoryApr 16, 2001 - 12:00 a.m.

cfingerd < 1.4.4 Multiple Vulnerabilities

2001-04-1600:00:00
This script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

The version of cfingerd running on the remote host has multiple vulnerabilities, including :

  • A local buffer overflow in the GECOS field, which can be used to escalate privileges.
  • A format string vulnerability, triggered by a malformed ident reply. This can be used to execute arbitrary code.
  • A local privilege escalation issue.
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if(description)
{
 script_id(10652);
 script_version ("1.27");
 script_cve_id("CVE-1999-0243", "CVE-1999-0708", "CVE-2001-0609");
 script_bugtraq_id(2576, 651);

 script_name(english:"cfingerd < 1.4.4 Multiple Vulnerabilities");
 script_summary(english:"Checks the cfinger version");
 
 script_set_attribute(
   attribute:"synopsis",
   value:"The remote finger service has multiple vulnerabilities."
 );
 script_set_attribute( attribute:"description", value:
"The version of cfingerd running on the remote host has multiple
vulnerabilities, including :

  - A local buffer overflow in the GECOS field, which can be used to
    escalate privileges.
  - A format string vulnerability, triggered by a malformed ident
    reply.  This can be used to execute arbitrary code.
  - A local privilege escalation issue." );
 script_set_attribute(
   attribute:"see_also",
   value:"https://seclists.org/bugtraq/1999/Sep/326"
 );
 # https://web.archive.org/web/20010725012119/http://archives.neohapsis.com/archives/vendor/2001-q2/0009.html
 script_set_attribute(
   attribute:"see_also",
   value:"http://www.nessus.org/u?f2f0892c"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Upgrade to cfingerd version 1.4.4 or later."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2001/04/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "1996/09/19");
 script_cvs_date("Date: 2018/11/15 20:50:23");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"Misc."); 
 script_copyright(english:"This script is Copyright (C) 2001-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_dependencie("find_service1.nasl", 
 		     "cfinger_version.nasl");
 script_require_keys("cfingerd/version");
 exit(0);
}

#
# The script code starts here
#

port = get_kb_item("Services/finger");
if(!port)port = 79;

version = get_kb_item("cfingerd/version");
if(version)
{
 if(ereg(pattern:"[0-1]\.(([0-3]\.[0-9]*)|(4\.[0-3]))",
 	string:version))security_hole(port);
}

Related

cve 3
nessus 1
cve
cve
CVE-1999-0243
1999-01-01 05:00:00
CVE-2001-0609
2001-08-02 04:00:00
CVE-1999-0708
1999-09-21 04:00:00
nessus
nessus
Debian DSA-049-1 : cfingerd
2004-09-29 00:00:00
JSON
Related for CFINGER_FORMAT_BUG.NASL
cve3nessus1