akfingerd 0.5 Multiple Vulnerabilities

This script is Copyright (C) 2002-2014 Andrew Hintz


Synopsis :

The remote service is vulnerable to several flaws.

Description :

The remote finger service appears to vulnerable to a remote attack
which can disrupt the service of the finger daemon. This denial of
service does not affect other services that may be running on the
remote computer, only the finger service can be disrupted.

akfingerd version 0.5 or earlier is running on the remote host. This
daemon has a history of security problems, make sure that you are
running the latest version of akfingerd.

Versions 0.5 and earlier of akfingerd are vulnerable to a remote
denial of service attack. They are also vulnerable to several local
attacks.

Solution :

akfingerd is no longer maintained. Disable the service and find an
alternative finger daemon.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 11193 (finger_akfingerd.nasl)

Bugtraq ID: 6323
6324
6325

CVE ID: CVE-2002-2243
CVE-2002-2244
CVE-2002-2274