finger Service Remote Information Disclosure

1992-01-01T00:00:00
ID OSVDB:11451
Type osvdb
Reporter OSVDB
Modified 1992-01-01T00:00:00

Description

Vulnerability Description

The finger service provides information about local users in response to queries from remote systems. This information can include login ids (account names), home directory, the type of local shell, the last time the user logged in, and the remote system the user logged in from. This information can be used for further more focused attacks.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Access to the finger service should be restrcited from the general public, or removed entirely if operationally possible.

Short Description

The finger service provides information about local users in response to queries from remote systems. This information can include login ids (account names), home directory, the type of local shell, the last time the user logged in, and the remote system the user logged in from. This information can be used for further more focused attacks.

References:

Nessus Plugin ID:10068 ISS X-Force ID: 46 ISS X-Force ID: 48 CVE-1999-0612