CVE-2002-0424
N/A
N/A
Summary
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/4240
- http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
- http://www.iss.net/security_center/static/8381.php
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
References
- http://www.securityfocus.com/bid/4240
- http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
- http://www.iss.net/security_center/static/8381.php
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.