CVE-2001-0609

CRITICAL

Infodrom cfingerd <1.4.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0609. PoCs published by VeNoMouS, Lez.

AI-analyzed exploit summary This exploit targets a format string vulnerability in cfingerd <= 1.4.3, allowing remote code execution as root. It binds a fake identd server to manipulate the username field and brute-forces the EIP address to execute shellcode.

Description

Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.

Exploits (2)

exploitdb WORKING POC VERIFIED

by VeNoMouS · cremotelinux

https://www.exploit-db.com/exploits/20749

View Code ZIP pw:eip

This exploit targets a format string vulnerability in cfingerd <= 1.4.3, allowing remote code execution as root. It binds a fake identd server to manipulate the username field and brute-forces the EIP address to execute shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: cfingerd <= 1.4.3

No auth needed

Prerequisites: Network access to the target · cfingerd running on the target · Identd service disabled on the attacker's machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Lez · perlremotelinux

https://www.exploit-db.com/exploits/20748

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in cfingerd's logging facility to achieve remote code execution as root. It uses a fake identd server to manipulate the username field and trigger the vulnerability, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: cfingerd 1.4.1-1

No auth needed

Prerequisites: Network access to the target's finger port (79) · Ability to bind to port 113 (identd) on the attacking machine

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/2576

Broken Link, Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2001-04/0202.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/6364

Scores

CVSS v3 9.8

EPSS 0.0991

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-193

Status published

Products (1)

infodrom/cfingerd < 1.4.3

Published Aug 02, 2001

Tracked Since Feb 18, 2026