cfingerd search information disclosure 1.1
 
Plugin ID: 117
Plugin name: cfingerd search information disclosure
Plugin filename: cfingerd search information disclosure.plugin
Plugin filesize: 2664 bytes
Plugin family: Finger
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2004/09/01
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 1.1
Plugin changelog: Corrected the plugin structure and added the accuracy values in 1.1
Plugin protocol: tcp
Plugin port: 79
Plugin procedure exploit: open|send search.**\n|sleep|close|pattern_exists root
Plugin exploit accuracy: 99
Plugin comment: This plugin was written with the ATK Attack Editor and was inspired by Nessus plugin ID 10038.
Bug not affected: Other finger daemons
Bug vulnerability class: Configuration
Bug description: The target system seems to be running cfingerd. This finger daemon is vulnerable to an information disclosure attack. An attacker can gain a complete list of the users by sending the query "search.**".
Bug solution: The finger service, if not needed, should be disabled (in /etc/inetd.conf) or if possible firewalled.
Bug fixing time: Approx. 20 minutes
Bug exploit availability: Yes
Bug exploit url: http://www.nessus.org
Bug remote: Yes
Bug local: Yes
Bug severity: Medium
Bug popularity: 7
Bug simplicity: 7
Bug impact: 6
Bug risk: 6
Bug Nessus risk: Low/Medium
Bug check tools: Nessus is able to do the same check in a slightly more complex (and accurate?) way.
Source CVE: CVE-1999-0259
Source Nessus ID: 10038
Source Literature: Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.