Solaris in.fingerd Information Disclosure Vulnerability

Solaris in.fingerd Information Disclosure Vulnerability

The Solaris version of fingerd may potentially disclose a list of all accounts on the host to remote attackers who make a specially crafted finger request.

The following request is sufficient to disclose a list of users:

finger 'a b c d e f g h'@sunhost

The disclosed information may be used in further "intelligent" attacks on the host.