CVE-2001-0609
published 2001-08-02
Priority P3 · 45 · critical 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 18.23% (96.9th percentile)
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| infodrom | cfingerd | <= 1.4.3 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
No detection rules found.
Exploit-DB
cfingerd 1.4 - Format String (2) · exploitdb · 2001-04-16
---
// source: https://www.securityfocus.com/bid/2576/info
A format string bug in the logging facility of the cfingerd "Configurable Finger Daemon" allows remote users to attain root privileges and execute arbitrary code.
cfingerd queries and logs the remote username of users of the service. If an attacker sets up a remote machine that returns specific format strings instead of a valid username, and connects to cfingerd from that machine, he can exploit the format string bugs. Because cfingerd runs as root, this means the attacker gains full control of the cfingerd host.
An exploit is available against x86 versions of cfingerd.
```c
/* remote exploit for linux/x86 - cfingerd
#include
#include
#include
#include
#include
#include
#include
#include
#define R
```
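The logging pattern described above, an untrusted ident user-id handed to syslog as the format string, and its fix, as an added C example written for this page; it is not cfingerd's code and not taken from either Exploit-DB entry. The function names, the peer address and the sample replies are constructed; the parser follows the RFC 1413 reply layout `port, port : USERID : OS : user-id`, and the log line is formatted into a buffer so the program runs without a syslog daemon.

```c
/* Added example (constructed for this page; not cfingerd's code): parse an
 * RFC 1413 ident reply and log the user-id with a FIXED format string, the
 * defence against the CVE-2001-0609 bug class. Function names, the peer
 * address and the sample replies are made up for illustration. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define IDENT_USER_MAX 64   /* policy limit chosen here; RFC 1413 allows 512 */

/* Shrink the [s, e) span so that surrounding blanks are excluded. */
static void trim_span(const char **s, const char **e)
{
    while (*s < *e && isspace((unsigned char)**s)) (*s)++;
    while (*e > *s && isspace((unsigned char)(*e)[-1])) (*e)--;
}

/* Parse "port, port : USERID : OS : user-id". Returns 1 and copies the
 * user-id into out on success, 0 on any malformed or non-USERID reply.
 * Control characters are rejected; '%' is allowed on purpose: the defence
 * lies in how the value is logged, not in banning characters. */
int parse_ident_userid(const char *reply, char *out, size_t outlen)
{
    const char *start[4], *end[4];
    const char *p = reply;
    size_t i, n;

    for (i = 0; i < 3; i++) {            /* three ':'-terminated fields */
        const char *colon = strchr(p, ':');
        if (!colon) return 0;
        start[i] = p; end[i] = colon;
        p = colon + 1;
    }
    start[3] = p;                        /* user-id: rest of the line */
    end[3] = p + strcspn(p, "\r\n");
    for (i = 0; i < 4; i++) trim_span(&start[i], &end[i]);

    if ((size_t)(end[1] - start[1]) != 6 || strncmp(start[1], "USERID", 6) != 0)
        return 0;                        /* ERROR replies are never logged as a user */

    n = (size_t)(end[3] - start[3]);
    if (n == 0 || n > IDENT_USER_MAX || n >= outlen) return 0;
    for (i = 0; i < n; i++)
        if (!isprint((unsigned char)start[3][i])) return 0;

    memcpy(out, start[3], n);
    out[n] = '\0';
    return 1;
}

/* Safe logging: the untrusted user-id is always an argument, never the
 * format. The vulnerable pattern was the equivalent of syslog(LOG_INFO, userid).
 * Formats into a buffer here; the real call would be syslog(LOG_INFO, "%s", line).
 * Returns the length of the formatted line. */
int format_ident_log(const char *peer, const char *userid, char *line, size_t n)
{
    return snprintf(line, n, "ident reply from %s: userid=%s", peer, userid);
}

/* Detection heuristic for alerting only: printf directives inside a user-id
 * are a strong signal of an attempt against this bug class. */
int looks_like_format_attack(const char *userid)
{
    return strchr(userid, '%') != NULL;
}

int main(void)
{
    /* constructed sample replies, as an ident server on the peer would send them */
    const char *replies[] = {
        "6193, 23 : USERID : UNIX : stjohns\r\n",
        "6193, 23 : ERROR : NO-USER\r\n",
        "6193, 23 : USERID : UNIX : %n%n%n%n\r\n",
    };
    char user[IDENT_USER_MAX + 1], line[256];
    size_t i;

    for (i = 0; i < sizeof replies / sizeof replies[0]; i++) {
        if (!parse_ident_userid(replies[i], user, sizeof user)) {
            printf("rejected: %s", replies[i]);
            continue;
        }
        format_ident_log("203.0.113.5", user, line, sizeof line);
        printf("%s%s\n", line,
               looks_like_format_attack(user) ? "  [ALERT: format directives in user-id]" : "");
    }
    return 0;
}
```

The third sample reply carries `%n` directives yet is logged verbatim and harmlessly, because the format string is a literal and the reply only ever travels through `%s`; the alert flag is for the detection side, not a substitute for the fixed-format call.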
Exploit-DB
cfingerd 1.4 - Format String (1) · exploitdb · 2001-04-11
---
source: https://www.securityfocus.com/bid/2576/info
```perl
#!/usr/bin/perl
# Cfingerd exploit to the recent syslog format bug.
# Discovered and written by Lez in 2001.
# you have to use i
```
No writeups or analysis indexed.
References:
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0202.html
- http://www.securityfocus.com/bid/2576
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6364
Published: 2001-08-02