Solaris in.fingerd Information Disclosure Vulnerability
The Solaris version of fingerd may potentially disclose a list of all accounts on the host to remote attackers who make a specially crafted finger request.
The following request is sufficient to disclose a list of users:
finger 'a b c d e f g h'@sunhost
The disclosed information may be used in further "intelligent" attacks on the host.