Privilege Escalation in GNU Fingerd Affects User Information Access
CVE-1999-1165
Currently unrated
Summary
GNU Fingerd version 1.37 does not properly drop privileges before accessing user information. As a result, a local user can have a malicious program executed via the .fingerrc file, potentially gaining root privileges. The same flaw also allows unauthorized access to sensitive information: arbitrary files can be read through symbolic links placed at .plan, .forward, or .project. Proper privilege management is essential to mitigate these risks and protect system integrity.
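The following C example is added here and is not GNU Fingerd's code. It shows the two controls the summary points to: a permanent drop to the fingered user's uid and gid before anything in their home directory is touched, and opening .plan, .project or .forward without following symbolic links. The function names drop_to_user and open_user_file are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* setgroups(), O_NOFOLLOW, openat() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently become the fingered user. Returns 0 on success, -1 on failure;
 * the caller must refuse to continue on -1. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)          /* not root: nothing to drop; succeed only */
        return (getuid() == uid && getgid() == gid) ? 0 : -1; /* if already that user */
    if (setgroups(1, &gid) != 0) return -1;  /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;         /* group first, while still root */
    if (setuid(uid) != 0) return -1;         /* as root: real, effective, saved uid */
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be recoverable */
    return 0;
}

/* Open a per-user file (e.g. ".plan") relative to dirfd. Symlinks, non-regular
 * files and files not owned by `owner` are refused. Returns an fd or -1. */
int open_user_file(int dirfd, const char *name, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail with ELOOP if name is a symlink.
     * O_NONBLOCK: do not hang if name is a FIFO. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the object actually opened, not the path, to avoid a race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}
```

O_NOFOLLOW covers only the final path component, so dirfd should refer to the user's home directory opened after drop_to_user has succeeded.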