|
Family: Finger abuses --> Category: infos
in.fingerd pipe Vulnerability Scan
Vulnerability Scan Summary Acertains whether in.fingerd is exploitable
Detailed Explanation for this Vulnerability Test
It is possible to force the remote finger daemon to execute arbitrary
commands by issuing requests like :
finger |command_to_execute@target
A possible hacker may use this bug to gain a shell on this host.
Solution : Disable your finger daemon if you do not use it
(comment out the 'finger' line in /etc/inetd.conf and restart the
inetd process) or apply the latest patches from your vendor.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|