efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.