PT-2002-1478 · Effingerd · Effingerd

Published: 2002-08-12 · Updated: 2008-09-05 · CVE-2002-0424

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

efingerd versions 1.61 and earlier

Description

The issue allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger, when efingerd is configured without the -u option. This is because, in such configurations, efingerd executes .efingerd files as the efingerd user, typically "nobody".

Recommendations

For efingerd versions 1.61 and earlier, consider running efingerd with the -u option to prevent the execution of .efingerd files as the efingerd user. As a temporary workaround, restrict access to the .efingerd files to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2002-0424

Affected Products

Effingerd