Efingerd: >> Efingerd >> 1.3 Security Vulnerabilities
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
CVSS Score
10.0
EPSS Score
0.034
Published
2002-08-12
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
CVSS Score
4.6
EPSS Score
0.001
Published
2002-08-12