| VID | 15008 |
| Severity | 40 |
| Port | 79 |
| Protocol | TCP |
| Class | FINGER |
| Detailed Description | The remote finger daemon allows remote users to execute any command as root by sending requests such as:
finger |command_to_execute@target |
| Recommendation | Disable the finger service immediately, or upgrade to a finger daemon that is not vulnerable.
To disable the finger daemon started from inetd:
1. Edit the /etc/inetd.conf (or equivalent) file.
2. Locate the line that controls the daemon.
3. Type a # at the beginning of the line to comment out the daemon.
4. Restart inetd.
* Solaris 10, Solaris 11: # svcadm disable svc:/network/finger:default
* Enterprise Linux 6.4, CentOS 6.4, Fedora 19: Open /etc/xinetd.d/finger, set disable=yes, and then restart xinetd.
For more information on GNU finger, see: ftp://prep.ai.mit.edu/pub/gnu/finger-1.37.tar.gz. |
| Related URL | CVE-2000-0128 (CVE) |
| Related URL | 974 (SecurityFocus) |
| Related URL | 4006 (ISS) |
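One way to verify the inetd and xinetd steps in the recommendation, as an added example that is not part of the original advisory. The function names, the in.fingerd paths and the sample configuration trees are constructed for illustration; `audit_finger` takes the filesystem root to inspect, so it can be run against a copy of /etc.

```sh
#!/bin/sh
# Added example: checks whether fingerd is still enabled under inetd or xinetd.

# inetd: a line whose first field is "finger" is active; "#finger" is not.
inetd_finger_enabled() {
    [ -f "$1" ] || return 1
    awk '$1 == "finger" { on = 1 } END { exit (on ? 0 : 1) }' "$1"
}

# xinetd: the service runs unless the file sets disable = yes.
xinetd_finger_enabled() {
    [ -f "$1" ] || return 1
    awk -F= '/^[ \t]*#/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == "disable" && tolower(v) == "yes" { off = 1 }
        END { exit (off ? 1 : 0) }' "$1"
}

# audit_finger ROOT: returns 0 when finger is disabled in both places.
audit_finger() {
    rc=0
    if inetd_finger_enabled "$1/etc/inetd.conf"; then
        echo "ENABLED: $1/etc/inetd.conf"; rc=1
    fi
    if xinetd_finger_enabled "$1/etc/xinetd.d/finger"; then
        echo "ENABLED: $1/etc/xinetd.d/finger"; rc=1
    fi
    return "$rc"
}

# Constructed sample trees (not taken from a real host): $1 = before|after.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/xinetd.d" || return 1
    if [ "$1" = before ]; then c=""; dis=no; else c="#"; dis=yes; fi
    printf '%s\n' "ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd" \
        "${c}finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd" \
        > "$d/etc/inetd.conf"
    printf 'service finger\n{\n\tdisable = %s\n\tserver = /usr/sbin/in.fingerd\n}\n' \
        "$dis" > "$d/etc/xinetd.d/finger"
    echo "$d"
}

for state in before after; do
    root=$(make_sample "$state")
    if audit_finger "$root"; then echo "$state: finger disabled"; fi
    rm -rf "$root"
done
```

The check only reads configuration files; inetd or xinetd must still be restarted for a change to take effect, as the steps above state.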