CVE-2007-4310

Sun Solaris 7-9 - Unauthenticated User Enumeration via Finger Daemon Single-Digit Request

Title source: llm
STIX 2.1

Description

The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474927/100/100/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2996
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/474858/100/100/threaded

Scores

EPSS 0.0038
EPSS Percentile 59.3%

Details

Status published
Products (3)
sun/sunos 5.7
sun/sunos 5.8
sun/sunos 5.9
Published Aug 13, 2007
Tracked Since Feb 18, 2026