Finger Redirection Remote Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Finger service and is prone to denial of service vulnerability.

Impact

Successful exploitation will let the attacker to use this computer as a relay to gather information on a third-party network or cause a denial of service. Impact Level: Application

Solution

Upgrade to GNU finger 1.37 or later, For updates refer, ftp://prep.ai.mit.edu/old-gnu/finger/finger-1.37.tar.gz

Insight

The flaw exists due to finger daemon allows redirecting a finger request to remote sites using the form finger 'username@hostname1@hostname2'.

Affected

GNU Finger.

References

http://osvdb.org/show/osvdb/64
http://osvdb.org/show/osvdb/5769
http://www.iss.net/security_center/reference/vuln/finger-bomb.htm
http://www.securityspace.com/smysecure/catid.html?id=10073
http://xforce.iss.net/xforce/xfdb/47

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0106

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Finger Service Remote Information Disclosure Vulnerability
Finger Redirection Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities