Filtered by vendor Efingerd
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0424 | 1 Efingerd | 1 Efingerd | 2024-02-04 | 4.6 MEDIUM | N/A |
| efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. | |||||
| CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | |||||