1.6.1

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

efingerd

NVD

Published: 2002-08-12

Updated: 2008-09-05

Summary

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

Vulnerable Configurations

Part	Description	Count
Application	Efingerd Efingerd Efingerd 1.3 Efingerd Efingerd 1.6.1	2

References

http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
http://www.iss.net/security_center/static/8381.php
http://www.securityfocus.com/bid/4240