Finger Vulnerabilities

CVE 2000-0915

Impact

A remote attacker can view arbitrary files on the system with the privileges of the finger daemon.

Background

The finger command provides information about users on a system, such as account names, real-life user names, and the time and place of a user's last login.

The Problem

A vulnerability in the finger service allows a remote attacker to view a file on the server by putting the full pathname to the file in place of the user name in the finger request. FreeBSD 4.1.1 is affected by this vulnerability.

Resolution

Since finger usually serves no useful purpose and reveals potentially sensitive information about accounts on the system, the best solution is to disable it. Disable the finger daemon by editing the inetd.conf file, commenting out the finger service, and sending a HUP signal (a signal that resets a process, usually after its configuration has been changed) to the inetd process.

If disabling the service is not possible, apply the patch which was posted to Bugtraq.

Where can I read more about this?

This vulnerability was posted to Bugtraq.