icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

FreeBSD 4.1.1 Finger Arbitrary File Access

High

Synopsis

The remote host may give an attacker information useful for future attacks

Description

The remote finger server allows anyone to read arbitrary files on this host, by requesting the file name on port 79. An attacker may use this flaw to retrieve your password file or any file readable by the fingerd process.

Solution

Disable the finger service.