<plugin_id>147</plugin_id>
<plugin_name>Finger daemon detection</plugin_name>
<plugin_family>Finger</plugin_family>
<plugin_created_date>2004/09/06</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>79</plugin_port>
<plugin_procedure_detection>open|send root\n|sleep|close|pattern_exists User OR Login OR login OR logged</plugin_procedure_detection>
<plugin_detection_accuracy>95</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor and was inspired by Nessus plugin.</plugin_comment>
<bug_affected>finger daemons</bug_affected>
<bug_not_affected>Newer finger daemons</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The target system seems to be running a finger daemon. The purpose of this service is to show who is currently logged into the remote system, and to give information about the users of the remote system. It provides useful information to attackers, since it allows them to gain usernames, determine how used a machine is, and see when each user logged in for the last time.</bug_description>
<bug_solution>The finger service, if not needed, should be disabled (in /etc/inetd.conf) or if possible firewalled. Upgrade to the latest software version to be not vulnerable anymore.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.nessus.org</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Medium</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>6</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Nessus and ATK is able to do the same and further check.</bug_check_tool>
<source_cve>CVE-1999-0612</source_cve>
<source_nessus_id>10068</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.computec.ch</source_misc>