Plugin ID | 147 |
Plugin name | Finger daemon detection |
Plugin filename | Finger daemon detection.plugin |
Plugin filesize | 2935 bytes |
Plugin family | Finger |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2004/09/06 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/13 |
Plugin version | 1.1 |
Plugin changelog | Corrected the plugin structure and added the accuracy values in 1.1 |
Plugin protocol | tcp |
Plugin port | 79 |
Plugin procedure detection | open|send root\n|sleep|close|pattern_exists User OR Login OR login OR logged |
Plugin detection accuracy | 95 |
Plugin comment | This plugin was written with the ATK Attack Editor and was inspired by Nessus plugin. |
Bug affected | finger daemons |
Bug not affected | Newer finger daemons |
Bug vulnerability class | Configuration |
Bug description | The target system seems to be running a finger daemon. The purpose of this service is to show who is currently logged into the remote system, and to give information about the users of the remote system. It provides useful information to attackers, since it allows them to gain usernames, determine how used a machine is, and see when each user logged in for the last time. |
Bug solution | The finger service, if not needed, should be disabled (in /etc/inetd.conf) or if possible firewalled. Upgrade to the latest software version to be not vulnerable anymore. |
Bug fixing time | Approx. 30 minutes |
Bug exploit availability | Yes |
Bug exploit url | http://www.nessus.org |
Bug remote | Yes |
Bug local | Yes |
Bug severity | Medium |
Bug popularity | 7 |
Bug simplicity | 8 |
Bug impact | 6 |
Bug risk | 7 |
Bug Nessus risk | Low |
Bug check tools | Nessus and ATK is able to do the same and further check. |
Source CVE | CVE-1999-0612 |
Source Nessus ID | 10068 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://www.computec.ch |