FreeBSD 4.1.1 Finger Arbitrary File Access

Nessus Network Monitor Plugin ID 1281 (severity: high)

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote finger server allows anyone to read arbitrary files on this host by requesting the file name on port 79. An attacker may use this flaw to retrieve your password file or any other file readable by the fingerd process.

Solution

Disable the finger service.

Plugin Details

Severity: High

ID: 1281

Family: Finger

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 10534

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd

Reference Information

CVE: CVE-2000-0915

BID: 1803