Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0424

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-0424
Last Modified 05 Sep 2008 04:27:59
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0424

Summary

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

Vulnerable Systems

Application

  • Efingerd 1.3

  • Efingerd 1.6.1


References

XF - efingerd-file-execution(8381)

BID - 4240

CONFIRM - http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz

BUGTRAQ - 20020306 efingerd remote buffer overflow and a dangerous feature


Last Updated: 27 May 2016 10:36:54