Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Finger abuses
Title:FreeBSD 4.1.1 Finger

There is a bug in the remote finger service that allows anyone to read
arbitrary files on this host by doing a 'finger' command on the name of
targeted file.

For instance :

finger /etc/passwd@target

Will display the content of /etc/passwd

Solution : disable the finger service in /etc/inetd.conf and restart the inetd
process, or upgrade your finger daemon

Risk factor : High

Cross-Ref: BugTraq ID: 1803
Common Vulnerability Exposure (CVE) ID: CVE-2000-0915
Bugtraq: 20001002 [ bin/21704: enabling fingerd makes files world readable] (Google Search)
FreeBSD Security Advisory: FreeBSD-SA-00:54
XForce ISS Database: freebsd-fingerd-files(5385)
CopyrightThis script is Copyright (C) 2000 Renaud Deraison

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2024 E-Soft Inc. All rights reserved.