Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Finger abuses
Title:Solaris finger disclosure

There is a bug in the remote finger service which, when triggered, allows
a user to force the remote finger daemon to display the list of the accounts
that have never been used, by issuing the request :

finger 'a b c d e f g h'@target

This list will help an attacker to guess the operating system type. It will
also tell him which accounts have never been used, which will often make him
focus his attacks on these accounts.

Solution : disable the finger service in /etc/inetd.conf and restart the inetd
process, or apply the relevant patches from Sun Microsystems.

Risk factor : Medium

Cross-Ref: BugTraq ID: 3457
Common Vulnerability Exposure (CVE) ID: CVE-2001-1503
XForce ISS Database: solaris-fingerd-list-accounts(7334)
CopyrightThis script is Copyright (C) 2001 Renaud Deraison

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2024 E-Soft Inc. All rights reserved.