Vulnerability Description
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Efingerd | Efingerd | 1.3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
- http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
- http://www.iss.net/security_center/static/8381.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4240Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
- http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
- http://www.iss.net/security_center/static/8381.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4240Vendor Advisory
FAQ
What is CVE-2002-0424?
CVE-2002-0424 is a vulnerability with a CVSS score of 4.6 (MEDIUM). efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user b...
How severe is CVE-2002-0424?
CVE-2002-0424 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0424?
Check the references section above for vendor advisories and patch information. Affected products include: Efingerd Efingerd.