Privilege Escalation in GNU Fingerd Affects User Information Access
CVE-1999-1165

Currently unrated

Key Information:

Vendor
Gnu
Status
Fingerd
Vendor
CVE Published:
21 July 1999

Summary

GNU Fingerd version 1.37 contains a security flaw where it fails to properly drop privileges before accessing user information. This oversight allows local users to execute malicious programs via the .fingerrc file, potentially gaining root privileges. Additionally, the vulnerability enables unauthorized access to sensitive information by reading arbitrary files through symbolic links established in .plan, .forward, or .project files. Proper privilege management measures are essential to mitigate these risks and protect system integrity.

References

http://www.securityfocus.com/bid/535
vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=93268249021561&w=2
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/2478
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.