CVE-2002-0424
Summary
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
- LOW
- LOCAL
- NONE
- PARTIAL
- PARTIAL
- PARTIAL
References
Advisory Timeline
- Published