The finger service provides information about local users in response to queries from remote systems. This information can include login ids (account names), home directory, the type of local shell, the last time the user logged in, and the remote system the user logged in from. This information can be used for further more focused attacks.
KBBS contains a flaw that may allow a regular user to spoof the system operator (SYSOP) email. The issue is due to the bulletin board accepting white space in user names. This may allow a user to create a name that appears to be the same as the system operator (ie: "John Doe " instead of "John Doe"). Email from such a user may appear to be from the legitimate SYSOP and convince other users to execute commands or perform actions they would not otherwise do.
By default, Oblivion/2 installs with a default password. The SYSOP account has a password of "SYSOP" which is publicly known and documented. This allows attackers to trivially access the program or system.
PCBoard contains a flaw that may allow a user to gain elevated privileges. The issue is due to the system not properly sanitizing input to the OP (Open door) command. If the system allows parameters such as /SYSOP, /DEBUG, or /SEC:255, these parameters can be invoked via the OPEN command to gain privileges.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.