Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.2
CVE Id: CVE-1999-1165
Last Modified: 05 Sep 2008 04:18:52
Published: 21 Jul 1999 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-1999-1165

Summary

GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.

Vulnerable Systems

Application

  • GNU fingerd 1.37


References

BID - 535

BUGTRAQ - 19950317 GNU finger 1.37 executes ~/.fingerrc with gid root

BUGTRAQ - 19990721 old gnu finger bugs


Last Updated: 27 May 2016 10:35:18