Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0423

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0423
Last Modified 05 Sep 2008 04:27:59
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0423

Summary

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.

Vulnerable Systems

Application

  • Efingerd 1.3

  • Efingerd 1.6.1


References

XF - efingerd-reverse-lookup-bo(8380)

BID - 4239

CONFIRM - http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz

BUGTRAQ - 20020306 efingerd remote buffer overflow and a dangerous feature


Last Updated: 27 May 2016 10:36:54