PFinger is a daemon for the standard finger protocol. It also includes support for the PIP protocol. The PFinger daemon runs as the 'nobody' user in the default installation. PFinger includes a graphical finger client. A vulnerability exists in both the server and the client. Finger data associated with a user, including the .plan file, is passed into a printf call as a format string. This may lead to arbitrary code being executed by either the server or the client, and to a non-privileged local account compromise.
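The bug class described above, shown as an added example that is not PFinger's own code: untrusted finger data used as the format string, next to the corrected call that passes it as an argument to a constant format. The function names and the sample .plan text are constructed for illustration; the sample uses only "%%", which consumes no arguments.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: .plan text controlled by the account owner. "%%" needs
   no argument, so both calls below are well defined. */
static const char SAMPLE_PLAN[] = "Project status: 100%% done";

/* Vulnerable pattern from the advisory: the untrusted text IS the format
   string. The pragmas silence the compiler check only so this form can be
   shown; real builds should keep -Wformat -Werror=format-security enabled. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_plan_vulnerable(char *out, size_t n, const char *plan)
{
    return snprintf(out, n, plan);
}
#pragma GCC diagnostic pop

/* Hardened form: constant format string, untrusted text passed as data. */
int render_plan_fixed(char *out, size_t n, const char *plan)
{
    return snprintf(out, n, "%s", plan);
}

/* Audit helper: count conversion specifications in untrusted text. A nonzero
   result on finger data is worth logging, but it is not the fix. */
size_t count_conversions(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s == '%') {
            hits++;
            if (s[1] != '\0')
                s++;            /* skip the character that follows '%' */
        }
    }
    return hits;
}

int main(void)
{
    char a[64], b[64];
    render_plan_vulnerable(a, sizeof a, SAMPLE_PLAN);
    render_plan_fixed(b, sizeof b, SAMPLE_PLAN);
    printf("vulnerable: %s\nfixed:      %s\nconversions: %zu\n",
           a, b, count_conversions(SAMPLE_PLAN));
    return 0;
}
```

The vulnerable call rewrites the text ("100%% done" becomes "100% done") because printf interprets it; the fixed call reproduces the bytes unchanged.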