The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a finger 9@host command, a different vulnerability than CVE-2001-1503.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sunos | Sun | 5.7 (including) | 5.7 (including) |
Sunos | Sun | 5.8 (including) | 5.8 (including) |
Sunos | Sun | 5.9 (including) | 5.9 (including) |