Filtered by vendor Efingerd
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2008-09-05 | 10.0 HIGH | N/A |
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | |||||
CVE-2002-0424 | 1 Efingerd | 1 Efingerd | 2008-09-05 | 4.6 MEDIUM | N/A |
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. |