Solaris in.fingerd Unused Accounts Disclosure

medium Nessus Plugin ID 10788

Synopsis

The remote finger service has an information disclosure vulnerability.

Description

The remote Solaris finger daemon returns a list of accounts that have never been used when it receives the following request:

finger 'a b c d e f g h'@target

A remote attacker could use this information to guess which operating system is running, or to mount further attacks on these accounts.

Solution

Apply the relevant patches from Sun.

See Also

http://www.nessus.org/u?03f64d50

Plugin Details

Severity: Medium

ID: 10788

File Name: finger_solaris_disclosure.nasl

Version: 1.27

Type: remote

Family: Misc.

Published: 10/22/2001

Updated: 7/11/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 10/22/2001

Reference Information

CVE: CVE-2001-1503

BID: 3457