VULHUB ™

The Solaris version of fingerd may potentially disclose a list of all accounts on the host to remote attackers who make a specially crafted finger request. The following request is sufficient to disclose a list of users: finger 'a b c d e f g h'@sunhost The disclosed information may be used in further "intelligent" attacks on the host.

The Solaris version of fingerd may potentially disclose a list of all accounts on the host to remote attackers who make a specially crafted finger request. The following request is sufficient to disclose a list of users: finger 'a b c d e f g h'@sunhost The disclosed information may be used in further "intelligent" attacks on the host.