CVE-1999-1165

Currently unrated

Key Information:

Vendor: Gnu
Status: Fingerd
Vendor: CVE Published:; 21 July 1999

Summary

GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.

References

http://www.securityfocus.com/bid/535

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=93268249021561&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/2478

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Aug 31, 2001
Vulnerability published
Jul 21, 1999