FKey Arbitrary Remote File Disclosure

medium Nessus Plugin ID 16224

Synopsis

The remote finger daemon has an information disclosure vulnerability.

Description

The remote finger daemon (possibly 'fkey') allows users to read arbitrary files by supplying a file name that is 10 characters or shorter. A remote attacker could exploit this to read sensitive information, which could be used to mount further attacks.

Solution

There is no known fix at this time. Disable this service.

See Also

https://seclists.org/bugtraq/2005/Jan/229

Plugin Details

Severity: Medium

ID: 16224

File Name: fkey_file_disclosure.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 1/21/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/21/2005

Reference Information

BID: 12321