5 matches found
CVE-1999-0259
CVE-1999-0259 describes an information-disclosure vulnerability in cfingerd where a remote attacker can list system users by issuing a finger search (finger search.*@target). The affected component is cfingerd; the underlying root cause is a bug in the search handling that exposes user lists. Doc...
CVE-1999-0708
CVE-1999-0708 describes a local buffer overflow in cfingerd's GECOS field that allows a local user to gain root privileges. The vulnerability affects cfingerd prior to version 1.4.4 (as reflected in multiple scanners and advisories), with the overflow enabling privilege escalation without requiri...
CVE-2001-0609
CVE-2001-0609 affects Infodrom cfingerd 1.4.3 and earlier. A format string vulnerability in the ident reply that is passed to the syslog function enables a remote attacker to gain additional privileges. Several connected sources corroborate that cfingerd’s logging/ident handling allows privilege ...
CVE-1999-0813
Cfingerd (with ALLOW_EXECUTION enabled) is vulnerable: it does not properly drop privileges when executing a program on behalf of a user, allowing local users to gain root privileges. Affected component: Cfingerd; underlying cause is improper privilege handling during exec. Exploitation details a...
CVE-2001-0735
CVE-2001-0735 affects cfingerd 1.4.3 and earlier. The root cause is a buffer overflow in the code that reads configuration files when ALLOW_LINE_PARSING is enabled, allowing local users to execute arbitrary code via a long line in the .nofinger file. The vulnerability is local, requires no authen...