This script is Copyright (C) 2001-2011 Tenable Network Security, Inc.
The remote finger service has multiple vulnerabilities.
The version of cfingerd running on the remote host has multiple
vulnerabilities, including :
- A local buffer overflow in the GECOS field, which can be used to
- A format string vulnerability, triggered by a malformed ident
reply. This can be used to execute arbitrary code.
- A local privilege escalation issue.
See also :
Upgrade to cfingerd version 1.4.4 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true