Solaris in.fingerd Information Disclosure Vulnerability

The Solaris version of fingerd may potentially disclose a list of all accounts on the host to remote attackers who make a specially crafted finger request.

The following request is sufficient to disclose a list of users:

finger 'a b c d e f g h'@sunhost

The disclosed information may be used in further "intelligent" attacks on the host.


 

Privacy Statement
Copyright 2010, SecurityFocus