Back to search
CVE-2002-0424
Published: Apr 2, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
4240
vdb-entry
x_refsource_BID
http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
x_refsource_CONFIRM
efingerd-file-execution(8381)
vdb-entry
x_refsource_XF
20020306 efingerd remote buffer overflow and a dangerous feature
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now