This host is running Finger service and is prone to information disclosure vulnerability.

Successful exploitation will allow attacker to obtain sensitive information that could aid in further attacks. Impact Level: Application

Disable finger service, or install a finger service or daemon that limits the type of information provided.

The flaw exists due to finger service display a list of unused accounts for a 'finger 0@host' request.

GNU Finger.

• http://osvdb.org/show/osvdb/60
• http://www.iss.net/security_center/reference/vuln/finger-unused-accounts.htm
• http://xforce.iss.net/xforce/xfdb/8378

---

Updated on 2015-03-25