| VID | 15011 |
| Severity | 30 |
| Port | 79 |
| Protocol | TCP |
| Class | FINGER |
| Detailed Description |
The host seems to be running fkey, which has an arbitrary file disclosure vulnerability. fkey is a scalable finger daemon used for public display of user-specified files, e.g. PGP keys and contact information. fkey versions 0.0.2 and earlier could allow a remote attacker to read arbitrary files by supplying a file name shorter than 10 characters. An attacker could use this to disclose sensitive files on the host, which might aid in various attacks.
* References:
  * http://www.securiteam.com/exploits/5PP0L0UELA.html
  * http://securityfocus.com/archive/1/387792
  * http://freshmeat.net/projects/fkey
* Platforms Affected: Freshmeat.net, fkey versions 0.0.2 and earlier; Any operating system, Any version |
| Recommendation |
No upgrade or patch available as of March 2005.
Disable the affected finger service.
* Solaris 10, Solaris 11: # svcadm disable svc:/network/finger:default
* Enterprise Linux 6.4, CentOS 6.4, Fedora 19: Open /etc/xinetd.d/finger, set disable=yes, and then restart xinetd |
| Related URL | (CVE) |
| Related URL | 12321 (SecurityFocus) |
| Related URL | 19026 (ISS) |
|