This CVE name corresponds to:
Entered | Topic |
---|---|
2007-12-05 | GNU finger vulnerability |
The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.
Type | Candidate |
Name | CVE-1999-1165 |
Phase | Proposed(20010912) |
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
Source | Reference |
---|---|
BUGTRAQ | 19990721 old gnu finger bugs |
BUGTRAQ | 19950317 GNU finger 1.37 executes ~/.fingerrc with gid root |
BID | 535 |
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.