The finger service provides information about local users in response to queries from remote systems. This information can include login ids (account names), home directory, the type of local shell, the last time the user logged in, and the remote system the user logged in from. This information can be used for further more focused attacks.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Access to the finger service should be restrcited from the general public, or removed entirely if operationally possible.