Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 20962
Publication date : 2001-06-20 22h00 +00:00
Author : teleh0r
EDB Verified : Yes
source: https://www.securityfocus.com/bid/2914/info
cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team.
A buffer overflow in cfingerd makes it possible for a local user to gain elevated privileges. Due to insufficient validation of input, a user can execute arbitrary code through the .nofinger file.
This makes it possible for a local user to gain elevated privileges, and potentially root access.
#!/usr/bin/perl
# | Local buffer overflow exploit for cfingerd
# | Copyright (c) 2001 by <teleh0r@digit-labs.org>
# | All rights reserved.
# |
# | Simple exploit for the vulnerability reported
# | to bugtraq by Steven Van Acker.
# | http://www.securityfocus.com/archive/1/192844
# |
# | If cfingerd does not run as root, the exploit
# | will of course fail!
# |
# | http://www.digit-labs.org/teleh0r/
Exploit Database EDB-ID : 20963
Publication date : 2001-07-10 22h00 +00:00
Author : Megyer Laszlo
EDB Verified : Yes
// source: https://www.securityfocus.com/bid/2914/info
cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team.
A buffer overflow in cfingerd makes it possible for a local user to gain elevated privileges. Due to insufficient validation of input, a user can execute arbitrary code through the .nofinger file.
This makes it possible for a local user to gain elevated privileges, and potentially root access.
/************************************************************
http://www.infodrom.ffis.de/projects/cfingerd/ states:
Cfingerd is a free and secure finger daemon replacement for
standard finger daemons such as GNU fingerd or MIT fingerd.
April 11, 2001 Megyer Laszlo < abulla@freemail.hu > wrote:
In 3 words: REMOTE ROOT VULNERABILITY
idcf.c - July 11 2001 - happy 3 month anniversary!
Exploit Database EDB-ID : 20964
Publication date : 2001-07-09 22h00 +00:00
Author : qitest1
EDB Verified : Yes
// source: https://www.securityfocus.com/bid/2914/info
cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team.
A buffer overflow in cfingerd makes it possible for a local user to gain elevated privileges. Due to insufficient validation of input, a user can execute arbitrary code through the .nofinger file.
This makes it possible for a local user to gain elevated privileges, and potentially root access.
/*
* cfingerd 1.4.3 and prior Linux x86 local root exploit
* by qitest1 10/07/2001
*
* This code successfully exploits the bof vulnerability found by
* Steven Van Acker <deepstar@ulyssis.org> and recently posted to
* bugtraq. If the ALLOW_LINE_PARSING option is set, and it is set
* by default, the bof simply occurs when reading the ~/.nofinger
* file. If cfingerd is called by inetd as root, a root shell will be
* spawned. But it is quite funny that the authors of cfingerd in the
* README almost seem to encourage people to set inetd.conf for
* calling cfingerd as root.
*
* Greets: my friends on #sikurezza@Undernet
* jtripper: hi man, play_the_game with me! =)
Products Mentioned
Configuraton 0
Infodrom>>Cfingerd >> Version 1.4.1
- Infodrom>>Cfingerd >> Version 1.4.1 (Open CPE detail)
Infodrom>>Cfingerd >> Version 1.4.2
- Infodrom>>Cfingerd >> Version 1.4.2 (Open CPE detail)
Infodrom>>Cfingerd >> Version 1.4.3
- Infodrom>>Cfingerd >> Version 1.4.3 (Open CPE detail)
References
http://www.securityfocus.com/archive/1/01071120191900.00788%40localhost.localdomain
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.