source: wwwsecurityfocuscom/bid/651/info
Under systems that allow the user to change his GECOS field from the password file and do not limit its length cfingerd is vulnerable to a local root (or nobody) buffer overflow
By setting a carefully designed GECOS field it is possible to execute arbitrary code with root (or nobody ) privileges ...