CVE-2004-2273
Description
efFingerD 0.2.12 crashes when receiving a single-byte packet due to a protocol error, enabling remote denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
efFingerD 0.2.12 crashes when receiving a single-byte packet due to a protocol error, enabling remote denial of service.
## Vulnerability efFingerD version 0.2.12 contains a flaw in its protocol handling that causes the daemon to crash when it receives a packet containing only a single byte. This triggers a "Wrong protocol or connection state" error, leading to termination of the service. The vulnerability is reachable without any special configuration.
Exploitation
An attacker can exploit this vulnerability by sending a single-byte UDP or TCP packet (depending on the finger protocol) to the efFingerD service. No authentication or prior knowledge is required; the attacker only needs network access to the target host on the port where efFingerD listens.
Impact
Successful exploitation results in a denial of service (DoS) condition, as the efFingerD daemon crashes and becomes unavailable. This disrupts finger service for legitimate users. There is no indication of code execution or data compromise.
Mitigation
No official patch or fixed version has been identified in the available references. Users should consider disabling the efFingerD service if not needed, or restrict network access to the service via firewall rules to limit exposure to trusted hosts only.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- secunia.com/advisories/11573nvdVendor Advisory
- www.osvdb.org/5992nvd
News mentions
0No linked articles in our index yet.