Command injection

The finger daemon in.fingerd in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503...

Solaris finger bug

Hi all: Recently, we monitored a cracker from Eastern Europe, who ran 'finger 9@host' against a Solaris 7 box, and got the following result: Login Name TTY Idle When Where daemon ??? . . . . bin ??? pts/1 Oct 2, 2002 xxx.lbl.gov sys ??? . . . . account1 ??? pts/8 Jul 20, 2000 yyy.lbl.gov account2...

CVE-2001-1503

The finger daemon in.fingerd in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host...

CVE-2001-1503

Vulnerability: The finger daemon (in.fingerd) in Sun Solaris 2.5–8 and SunOS 5.5–5.8 allows remote attackers to list all user accounts by sending a crafted finger request (e.g., finger 'a b c d e f g h'@host). Affects multiple Solaris releases; impact is limited to information disclosure of accou...

CVE-2001-1503

The finger daemon in.fingerd in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host...