Efingerd
by Efingerd
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2273 | 0.00 | — | 0.01 | Dec 31, 2004 | efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. | |||
| CVE-2004-2272 | 0.00 | — | 0.01 | Dec 31, 2004 | Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. | |||
| CVE-2002-0423 | 0.00 | — | 0.03 | Aug 12, 2002 | Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | |||
| CVE-2002-0424 | 0.00 | — | 0.00 | Aug 12, 2002 | efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. |
- CVE-2004-2273Dec 31, 2004risk 0.00cvss —epss 0.01
efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.
- CVE-2004-2272Dec 31, 2004risk 0.00cvss —epss 0.01
Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command.
- CVE-2002-0423Aug 12, 2002risk 0.00cvss —epss 0.03
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
- CVE-2002-0424Aug 12, 2002risk 0.00cvss —epss 0.00
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.