QwikSec

Security Database

CVE

CWE

Training

CVE-1999-1165

Published: Sep 12, 2001

Modified: Aug 1, 2024

PUBLISHED

Description

GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

19990721 old gnu finger bugs

mailing-list

x_refsource_BUGTRAQ

19950317 GNU finger 1.37 executes ~/.fingerrc with gid root

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.