Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.
http://www.securityfocus.com/bid/5105
http://www.iss.net/security_center/static/9434.php
http://archives.neohapsis.com/archives/bugtraq/2002-06/0314.html