Required CVE Record Information
Description
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
References 3 Total
- securityfocus.com: 535 vdb-entry
- marc.info: 19990721 old gnu finger bugs mailing-list
- securityfocus.com: 19950317 GNU finger 1.37 executes ~/.fingerrc with gid root mailing-list