The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a finger 9@host command, a different vulnerability than CVE-2001-1503.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sunos | Sun | 5.7 (including) | 5.7 (including) |
| Sunos | Sun | 5.8 (including) | 5.8 (including) |
| Sunos | Sun | 5.9 (including) | 5.9 (including) |
References
- http://securityreason.com/securityalert/2996
- http://www.securityfocus.com/archive/1/474858/100/100/threaded
- http://www.securityfocus.com/archive/1/474927/100/100/threaded
- http://securityreason.com/securityalert/2996
- http://www.securityfocus.com/archive/1/474858/100/100/threaded
- http://www.securityfocus.com/archive/1/474927/100/100/threaded