Infodrom: >> Cfingerd >> 1.2.3 Security Vulnerabilities
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
CVSS Score
9.8
EPSS Score
0.099
Published
2001-08-02
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-08-10