GEN:SID 1:325
Message FINGER probe 0 attempt
Summary This is an intelligence gathering activity.
Impact The attacker may obtain a list of accounts existing on the target host.
Detailed Information This event is generated when an attempt is made to use a finger command against a host with a username of "0".  A finger query against a vulnerable finger daemon may allow the attacker to obtain a list of accounts on the target system with some details for each account where present (such as time and source of the last login).

Obtaining a list of accounts might precipitate further attacks such as password guessing, email attacks and other abuse.
Affected Systems  
Attack Scenarios An attacker learns that the "sys" account exists on the system. He then proceeds to guess the password and is then able to gain remote access to the system.
Ease of Attack Simple, no exploit software required
Corrective Action Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers.
Additional References Arachnids:
http://www.whitehats.com/info/IDS378

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0197

Nessus:
http://cgi.nessus.org/plugins/dump.php3?id=10069%20(Finger%20zero%20at%20host
Rule References arachnids: 378