can a finger buffer overflow exploit be run only from a command line, telnet/ssh etc? or does it actually run from entering
"finger @here.com <insert overflow here?>

on this server there is no sort of "finger log" that i can find, however ssh is not running. therefore my thinking is this machine could not have been rooted from this exploit.