CVE-2001-0735
published 2001-10-18CVE-2001-0735: Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the…
PriorityP422high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.64%
73.4th percentile
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cfingerd | < cfingerd 1.4.3-1.1 (bookworm) | cfingerd 1.4.3-1.1 (bookworm) |
| infodrom | cfingerd | — | — |
| infodrom | cfingerd | — | — |
| infodrom | cfingerd | — | — |
| infodrom | cfingerd | >= 0 < 1.4.3-1.1 | 1.4.3-1.1 |
| infodrom | cfingerd | >= 0 < 1.4.3-1.1 | 1.4.3-1.1 |
| infodrom | cfingerd | >= 0 < 1.4.3-1.1 | 1.4.3-1.1 |
| infodrom | cfingerd | >= 0 < 1.4.3-1.1 | 1.4.3-1.1 |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j7gx-9mq3-49g8: Buffer overflow in cfingerd 1
ghsa_unreviewed·2022-04-30
CVE-2001-0735 [HIGH] GHSA-j7gx-9mq3-49g8: Buffer overflow in cfingerd 1
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
OSV
CVE-2001-0735: Buffer overflow in cfingerd 1
osv·2001-10-18·CVSS 7.2
CVE-2001-0735 [HIGH] CVE-2001-0735: Buffer overflow in cfingerd 1
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
Debian
CVE-2001-0735: cfingerd - Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option...
vendor_debian·2001·CVSS 7.2
CVE-2001-0735 [HIGH] CVE-2001-0735: cfingerd - Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option...
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
Scope: local
bookworm: resolved (fixed in 1.4.3-1.1)
bullseye: resolved (fixed in 1.4.3-1.1)
forky: resolved (fixed in 1.4.3-1.1)
sid: resolved (fixed in 1.4.3-1.1)
trixie: resolved (fixed in 1.4.3-1.1)
No detection rules found.
Exploit-DB
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (2)
exploitdb·2001-07-11
CVE-2001-0735 cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (2)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/2914/info
cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team.
A buffer overflow in cfingerd makes it possible for a local user to gain elevated privileges. Due to insufficient validation of input, a user can execute arbitrary code through the .nofinger file.
This makes it possible for a local user to gain elevated privileges, and potentially root access.
/************************************************************
http://www.infodrom.ffis.de/projects/cfingerd/ states:
Cfingerd is a free and secure finger daemon replacement for
standard finger daemons such as GNU
Exploit-DB
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (3)
exploitdb·2001-07-10
CVE-2001-0735 cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (3)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (3)
---
// source: https://www.securityfocus.com/bid/2914/info
cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team.
A buffer overflow in cfingerd makes it possible for a local user to gain elevated privileges. Due to insufficient validation of input, a user can execute arbitrary code through the .nofinger file.
This makes it possible for a local user to gain elevated privileges, and potentially root access.
/*
* cfingerd 1.4.3 and prior Linux x86 local root exploit
* by qitest1 10/07/2001
*
* This code successfully exploits the bof vulnerability found by
* Steven Van Acker and recently posted to
* bugtraq. If the ALLOW
Exploit-DB
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (1)
exploitdb·2001-06-21
CVE-2001-0735 cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (1)
cfingerd 1.4.1/1.4.2/1.4.3 Utilities - Local Buffer Overflow (1)
---
source: https://www.securityfocus.com/bid/2914/info
cfingerd is a secure implementation of the finger daemon. cfingerd has been contributed to by many authors, and is maintained by the cfingerd development team.
A buffer overflow in cfingerd makes it possible for a local user to gain elevated privileges. Due to insufficient validation of input, a user can execute arbitrary code through the .nofinger file.
This makes it possible for a local user to gain elevated privileges, and potentially root access.
#!/usr/bin/perl
# | Local buffer overflow exploit for cfingerd
# | Copyright (c) 2001 by
# | All rights reserved.
# |
# | Simple exploit for the vulnerability reported
# | to bugtraq by Steven Van Acker.
# | http://ww
No writeups or analysis indexed.
http://www.debian.org/security/2001/dsa-066http://www.securityfocus.com/archive/1/01071120191900.00788%40localhost.localdomainhttp://www.securityfocus.com/archive/1/192844http://www.securityfocus.com/bid/2914https://exchange.xforce.ibmcloud.com/vulnerabilities/6744http://www.debian.org/security/2001/dsa-066http://www.securityfocus.com/archive/1/01071120191900.00788%40localhost.localdomainhttp://www.securityfocus.com/archive/1/192844http://www.securityfocus.com/bid/2914https://exchange.xforce.ibmcloud.com/vulnerabilities/6744
2001-10-18
Published