Lucene search
K
InfodromCfingerd

5 matches found

CVE
CVE
added 2000/01/18 5:0 a.m.77 views

CVE-1999-0259

CVE-1999-0259 describes an information-disclosure vulnerability in cfingerd where a remote attacker can list system users by issuing a finger search (finger search.*@target). The affected component is cfingerd; the underlying root cause is a bug in the search handling that exposes user lists. Doc...

5CVSS6.7AI score0.01403EPSS
CVE
CVE
added 2000/01/18 5:0 a.m.57 views

CVE-1999-0708

CVE-1999-0708 describes a local buffer overflow in cfingerd's GECOS field that allows a local user to gain root privileges. The vulnerability affects cfingerd prior to version 1.4.4 (as reflected in multiple scanners and advisories), with the overflow enabling privilege escalation without requiri...

7.2CVSS9.1AI score0.00818EPSS
CVE
CVE
added 2001/07/27 4:0 a.m.54 views

CVE-2001-0609

CVE-2001-0609 affects Infodrom cfingerd 1.4.3 and earlier. A format string vulnerability in the ident reply that is passed to the syslog function enables a remote attacker to gain additional privileges. Several connected sources corroborate that cfingerd’s logging/ident handling allows privilege ...

10CVSS9.6AI score0.18235EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.49 views

CVE-1999-0813

Cfingerd (with ALLOW_EXECUTION enabled) is vulnerable: it does not properly drop privileges when executing a program on behalf of a user, allowing local users to gain root privileges. Affected component: Cfingerd; underlying cause is improper privilege handling during exec. Exploitation details a...

7.2CVSS7AI score0.00471EPSS
CVE
CVE
added 2001/10/12 4:0 a.m.47 views

CVE-2001-0735

CVE-2001-0735 affects cfingerd 1.4.3 and earlier. The root cause is a buffer overflow in the code that reads configuration files when ALLOW_LINE_PARSING is enabled, allowing local users to execute arbitrary code via a long line in the .nofinger file. The vulnerability is local, requires no authen...

7.2CVSS7.3AI score0.0164EPSS