PT-2002-2811 · Deception · Deception Finger Daemon

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2091

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Deception Finger Daemon version 0.7

Description: A format string issue in the Deception Finger Daemon may allow remote attackers to execute arbitrary code via the username of a finger request.

Recommendations: For Deception Finger Daemon version 0.7, consider disabling the handling of finger requests until a patch is available. Restrict access to the daemon to minimize the risk of exploitation. Avoid using the username variable in the affected request handling until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-2091

Affected Products

Deception Finger Daemon

PT-2002-2811 · Deception · Deception Finger Daemon

CVE-2002-2091

Related Identifiers

Affected Products

References · 4