Fingerd
by GNU
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-0612 | 0.02 | — | 0.25 | Mar 1, 1997 | A version of finger is running that exposes valid user information to any entity on the network. | |||
| CVE-1999-1165 | 0.00 | — | 0.00 | Jul 21, 1999 | GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. | |||
| CVE-1999-0150 | 0.00 | — | 0.01 | Jul 1, 1997 | The Perl fingerd program allows arbitrary command execution from remote users. |
- CVE-1999-0612Mar 1, 1997risk 0.02cvss —epss 0.25
A version of finger is running that exposes valid user information to any entity on the network.
- CVE-1999-1165Jul 21, 1999risk 0.00cvss —epss 0.00
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
- CVE-1999-0150Jul 1, 1997risk 0.00cvss —epss 0.01
The Perl fingerd program allows arbitrary command execution from remote users.