efingerd is a freely available, open source finger daemon for use on the Linux operating system. It is publicly developed and maintained. efingerd does not properly handle domain information. When a host connects to the finger daemon, the daemon by default takes the IP address of the connecting host and attempts to resolve it. However, if the name of the host is longer than 100 bytes, a buffer overflow occurs. This problem could potentially be exploited to overwrite stack variables, including the return address, and execute code with the privileges of the efingerd process.
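The flaw described above comes down to copying a resolver-supplied hostname into a fixed-size stack buffer without checking its length. The following is an added example, not efingerd's own code: it shows that unsafe pattern beside a bounded copy that falls back to the numeric address. The names `copy_peer_name_unsafe`, `copy_peer_name` and `HOSTBUF` are hypothetical, and the 100-byte buffer size is assumed from the figure in the advisory.

```c
#include <stdio.h>
#include <string.h>

#define HOSTBUF 100 /* the 100-byte figure from the advisory; assumed buffer size */

/* Unsafe pattern: the length of the resolver-supplied name is never checked,
   so a name of HOSTBUF bytes or more overruns dst. */
void copy_peer_name_unsafe(char *dst, const char *resolved)
{
    strcpy(dst, resolved);
}

/* Hardened form (hypothetical helper). Returns 1 if the resolved name was
   stored, 0 if it was missing or too long and the numeric address was stored
   instead, -1 on invalid arguments. On 0 or 1, dst is NUL-terminated. */
int copy_peer_name(char *dst, size_t dstlen, const char *resolved,
                   const char *ip_text)
{
    if (dst == NULL || dstlen == 0 || ip_text == NULL)
        return -1;
    if (resolved != NULL) {
        /* Look for the terminator only within the space we actually have. */
        const char *end = memchr(resolved, '\0', dstlen);
        if (end != NULL) {
            memcpy(dst, resolved, (size_t)(end - resolved) + 1);
            return 1;
        }
    }
    snprintf(dst, dstlen, "%s", ip_text); /* bounded; truncates if needed */
    return 0;
}

int main(void)
{
    char buf[HOSTBUF];
    char longname[300]; /* constructed oversized name for the demonstration */
    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    int used = copy_peer_name(buf, sizeof buf, "host.example.org", "192.0.2.10");
    printf("%d %s\n", used, buf);
    used = copy_peer_name(buf, sizeof buf, longname, "192.0.2.10");
    printf("%d %s\n", used, buf);
    return 0;
}
```

Falling back to the numeric address rather than truncating the name keeps a partial, attacker-chosen hostname out of logs and access decisions.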