CVE-2001-0609

Name of the Vulnerable Software and Affected Versions: Infodrom cfingerd versions 1.4.3 and earlier

Description: A format string issue allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. This can be exploited by sending a specially crafted ident reply.

Recommendations: For Infodrom cfingerd versions 1.4.3 and earlier, consider disabling the syslog function temporarily until a patch is available to prevent exploitation. Restrict access to the ident reply mechanism to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.