This page aggregates publicly disclosed CVE and security risk information related to efingerd, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2002-0424 | efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger. | [email protected] | 4.6 | 0.07% | 2002-08-12 | 2026-04-16 |
| CVE-2002-0423 | Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | [email protected] | 10.0 | 3.38% | 2002-08-12 | 2026-04-16 |