Privilege Escalation in GNU Fingerd Affects User Information Access
CVE-1999-1165

Currently unrated

Key Information:

Vendor: Gnu
Status
Vendor
CVE Published: 21 July 1999

Summary

GNU Fingerd version 1.37 contains a security flaw where it fails to properly drop privileges before accessing user information. This oversight allows local users to execute malicious programs via the .fingerrc file, potentially gaining root privileges. Additionally, the vulnerability enables unauthorized access to sensitive information by reading arbitrary files through symbolic links established in .plan, .forward, or .project files. Proper privilege management measures are essential to mitigate these risks and protect system integrity.
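The mitigation the summary points to, as an added example (not GNU fingerd's code): permanently switch to the queried user before touching anything in their home directory, and refuse symbolic links and non-regular files when opening .plan, .project or .forward. The function names `drop_to_user` and `open_user_file` are hypothetical. The same drop must happen before any program named in .fingerrc is executed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently become the queried user. Order matters: supplementary
 * groups first, then gid, then uid (after setuid the others would fail). */
int drop_to_user(uid_t uid, gid_t gid)
{
    /* Only a privileged process may (and must) reset the group list. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Verify the result instead of trusting the return codes alone. */
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Open home/name (for example ".plan") read-only. Returns an fd, or -1 if
 * the final path component is a symlink, the file is missing, it is not a
 * regular file, or it is not owned by `owner`. Intermediate components are
 * resolved with the dropped privileges, so they grant nothing extra. */
int open_user_file(const char *home, const char *name, uid_t owner)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/%s", home, name);
    if (n < 0 || n >= (int)sizeof path) return -1;
    /* O_NOFOLLOW rejects a symlinked dotfile; O_NONBLOCK avoids hanging
     * on a FIFO planted in its place. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    /* fstat the descriptor, not the path, so the check cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Assumed usage: ./a.out /home/alice, run as that user or as root
     * after looking up alice's uid/gid (the lookup is omitted here). */
    if (argc != 2 || drop_to_user(getuid(), getgid()) != 0) return 2;
    int fd = open_user_file(argv[1], ".plan", getuid());
    puts(fd >= 0 ? ".plan accepted" : ".plan refused");
    return fd >= 0 ? 0 : 1;
}
```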

Timeline

  • Vulnerability Reserved

  • Vulnerability published
