Finger Recursive Request Arbitrary Site Redirection

This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.

Synopsis :

It is possible to use the remote host to perform third-party host

Description :

The remote finger service accepts redirect requests. That is, users
can perform requests like :

finger user@host@victim

This allows an attacker to use this computer as a relay to gather
information on a third-party network. In addition, this type of
syntax can be used to create a denial of service condition on the
remote host.

Solution :

Disable the remote finger daemon (comment out the 'finger' line in
/etc/inetd.conf and restart the inetd process) or upgrade it to a more
secure one.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Misc.

Nessus Plugin ID: 10073 (finger_redirection.nasl)

Bugtraq ID:

CVE ID: CVE-1999-0105