CVE-1999-0797 in SunOS
Summary
by MITRE
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/17/2026
The vulnerability described in CVE-1999-0797 targets the Network Information Service finger daemon, which is part of the NIS infrastructure commonly used in unix-based systems for centralized network information management. This flaw represents a classic denial of service attack vector that exploits the finger service's lack of proper request rate limiting and resource management. The vulnerability specifically manifests when an attacker floods the system with numerous finger requests, which in turn generates an excessive number of NIS queries that can overwhelm system resources and disrupt legitimate service operations.
The technical implementation of this vulnerability stems from the finger daemon's design philosophy that does not adequately account for malicious request flooding scenarios. When multiple concurrent finger requests are processed simultaneously, each request triggers additional NIS queries to retrieve user information from the network. This creates a cascading effect where the initial flood of finger requests exponentially multiplies the number of NIS queries being generated. The underlying flaw exists in the service's inability to properly throttle or limit incoming requests, allowing an attacker to consume system resources such as CPU cycles, memory, and network bandwidth through simple repetitive requests.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise system availability and integrity within networked environments. Organizations relying on NIS for user authentication and network information services face significant risk when this vulnerability is exploited, as the denial of service can affect multiple network services that depend on NIS for proper operation. The attack can be executed with minimal technical expertise, making it particularly dangerous as it can be leveraged by attackers with basic networking knowledge. Systems may experience complete service unavailability, slow response times, or complete system crashes, depending on the scale of the attack and the system's resource capacity.
The vulnerability aligns with CWE-400, which addresses "Uncontrolled Resource Consumption" and represents a specific instance of resource exhaustion attacks that target network services. From an ATT&CK framework perspective, this vulnerability maps to T1499.004, "Endpoint Denial of Service," and demonstrates how attackers can exploit service design flaws to consume system resources and cause service disruption. Mitigation strategies should include implementing rate limiting mechanisms at the network level, configuring firewalls to restrict finger service access, and deploying intrusion detection systems to monitor for unusual request patterns. Additionally, organizations should consider disabling the finger service entirely if it is not essential for operations, as recommended by security best practices for reducing attack surface. The vulnerability underscores the critical importance of proper resource management and access control in network services, particularly those that interface with centralized directory services like NIS.