Lucene search
K

92 matches found

Exploit DB
Exploit DB
added 1999/09/21 12:0 a.m.30 views

Martin Schulze Cfingerd 1.4.2 - GECOS Buffer Overflow

// source: https://www.securityfocus.com/bid/651/info Under systems that allow the user to change his GECOS field from the password file and do not limit its length cfingerd is vulnerable to a local root or nobody buffer overflow. By setting a carefully designed GECOS field it is possible to...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.57 views

cfingerd.txt

Date: Thu, 23 Jul 1998 23:48:21 -0500 From: John Goerzen Subject: CFINGERD root security hole SUMMARY ------- I have found out that cfingerd 1.3.2 contains a security hole that could lead to easy root compromise for any user that has an account on the local machine, but only if ALLOWEXECUTION is...

7.4AI score
Exploits0
Debian
Debian
added 1999/08/14 1:35 p.m.11 views

[SECURITY] New versions of cfingerd fixes root exploit

We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq. We recommend you upgrade your cfingerd package immediately or disable ALLOWEXECUTION. The latter is turned off in the default Debian configuration. wg...

5.8AI score
Exploits0
Debian
Debian
added 1999/08/14 12:0 a.m.49 views

[SECURITY] New versions of cfingerd fixes root exploit

We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq. We recommend you upgrade your cfingerd package immediately or disable ALLOWEXECUTION. The latter is turned off in the default Debian configuration. wg...

1.7AI score
Exploits0
NVD
NVD
added 1999/08/10 4:0 a.m.17 views

CVE-1999-0813

Cfingerd with ALLOWEXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges...

7.2CVSS6.6AI score0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 1999/08/10 12:0 a.m.5 views

PT-1999-1368 · Cfingerd · Cfingerd

Name of the Vulnerable Software and Affected Versions: Cfingerd affected versions not specified Description: The issue concerns Cfingerd when ALLOW EXECUTION is enabled. It fails to properly drop privileges when executing a program on behalf of the user. This allows local users to gain root...

7.2CVSS6.3AI score0.00471EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 1999/06/22 12:0 a.m.16 views

cfingerd Wildcard Argument Information Disclosure

The remote host is running 'cfingerd', a finger daemon. There is a bug in the remote cfinger daemon that allows a remote attacker to get the lists of the users of this system when issuing the command : finger search.@victim This information can be used by a remote attacker to mount further attack...

5CVSS5.6AI score0.01403EPSS
Exploits0References3
NVD
NVD
added 1999/01/01 5:0 a.m.21 views

CVE-1999-0243

Linux cfingerd could be exploited to gain root access...

10CVSS6.7AI score0.01603EPSS
Exploits0References1
Debian
Debian
added 1998/08/27 8:17 p.m.11 views

[SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...

6AI score
Exploits0
Debian
Debian
added 1998/08/27 12:0 a.m.12 views

[SECURITY] New versions of cfingerd fixes root compromise

We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled. We recommend you upgrade your cfingerd package immediately. dpkg ...

3.3AI score
Exploits0
NVD
NVD
added 1997/05/23 4:0 a.m.9 views

CVE-1999-0259

cfingerd lists all users on a system via search.@target...

5CVSS0.01403EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 1997/05/23 12:0 a.m.5 views

PT-1997-1113 · Cfingerd · Cfingerd

Name of the Vulnerable Software and Affected Versions: cfingerd affected versions not specified Description: The issue allows cfingerd to list all users on a system via search. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

5CVSS6AI score0.01403EPSS
Exploits0References2
Rows per page
Query Builder