PT-2002-2811 · Deception · Deception Finger Daemon

Publicado

2002-12-31

Atualizado

2008-09-05

CVE-2002-2091

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Deception Finger Daemon version 0.7

Description: A format string issue in the Deception Finger Daemon may allow remote attackers to execute arbitrary code via the username of a finger request.

Recommendations: For Deception Finger Daemon version 0.7, consider disabling the handling of finger requests until a patch is available. Restrict access to the daemon to minimize the risk of exploitation. Avoid using the username variable in the affected request handling until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-2091

Produtos afetados

Deception Finger Daemon

PT-2002-2811 · Deception · Deception Finger Daemon

CVE-2002-2091

Identificadores relacionados

Produtos afetados

Referências · 4