GEN:SID 1:332
Message FINGER 0 query
Summary An intelligence gathering attack against the finger daemon
Impact The attacker may obtain information about user accounts on the target system.
Detailed Information This event is generated when an attempt is made to use a finger command against a host with a username of "0".  A finger query against a vulnerable finger daemon may allow the attacker to obtain a list of accounts on the target system with some details for each account where present (such as time and source of the last login).

Obtaining a list of accounts might precipitate further attacks such as password guessing, email attacks and other abuse.
Affected Systems  
Attack Scenarios An attacker learns that the "sys" account exists on the system. He then proceeds to guess the password and is then able to gain remote access to the system.
Ease of Attack Simple, no exploit software required
Corrective Action Disable the finger daemon or limit the addresses that can access the service via firewall or TCP wrappers.
Additional References Arachnids:
http://www.whitehats.com/info/IDS378
http://www.whitehats.com/info/IDS131

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0197

Nessus:
http://cgi.nessus.org/plugins/dump.php3?id=10069%20(Finger%20zero%20at%20host
Rule References arachnids: 131
arachnids: 378
cve: 1999-0197
nessus: 10069