FreeBSD 4.1.1 Finger Arbitrary File Access

Nessus Network Monitor Plugin ID 1281 (Severity: High)

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote finger server allows anyone to read arbitrary files on this host by requesting the file name on port 79. An attacker may use this flaw to retrieve the password file or any other file readable by the fingerd process.

Solution

Disable the finger service.

Plugin Details

Severity: High

ID: 1281

File Name: 1281.prm

Family: Finger

Published: 2004/08/20

Modified: 2016/02/05

Nessus ID: 10534

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2000-0915

BID: 1803