FreeBSD 4.1.1 Finger Arbitrary Remote File Access

high Nessus Plugin ID 10534


The finger service running on the remote host has an arbitrary file access vulnerability.


The finger daemon running on the remote host will reveal the contents of arbitrary files when given a command similar to the following :

finger /etc/passwd@target

Which will return the contents of /etc/passwd.


Upgrade to the latest version of this finger daemon.

Plugin Details

Severity: High

ID: 10534

File Name: finger_freebsd.nasl

Version: 1.22

Type: remote

Family: Misc.

Published: 10/14/2000

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/13/2000

Reference Information

CVE: CVE-2000-0915

BID: 1803