FreeBSD 4.1.1 Finger Arbitrary Remote File Access

high Nessus Plugin ID 10534

Synopsis

The finger service running on the remote host has an arbitrary file access vulnerability.

Description

The finger daemon running on the remote host will reveal the contents of arbitrary files when given a command similar to the following:

finger /etc/passwd@target

This command returns the contents of /etc/passwd.

Solution

Upgrade to the latest version of this finger daemon.

Plugin Details

Severity: High

ID: 10534

File Name: finger_freebsd.nasl

Version: 1.22

Type: remote

Family: Misc.

Published: 10/14/2000

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 10/13/2000

Reference Information

CVE: CVE-2000-0915

BID: 1803