|
Family: Finger abuses --> Category: infos
FreeBSD 4.1.1 Finger Vulnerability Scan
Vulnerability Scan Summary Finger /path/to/file
Detailed Explanation for this Vulnerability Test
There is a bug in the remote finger service that allows anyone to read
arbitrary files on this host by doing a 'finger' command on the name of
targeted file.
For instance :
finger /etc/passwd@target
Will display the content of /etc/passwd
Solution : disable the finger service in /etc/inetd.conf and restart the inetd
process, or upgrade your finger daemon
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|