CVE-1999-0380

Name of the Vulnerable Software and Affected Versions SLMail versions 3.1 through 3.2

Description The issue allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled. This is achieved by setting a user's Finger File to point to the target file, then running finger on the user.

Recommendations For SLMail versions 3.1 and 3.2, consider disabling the Remote Administration Service (RAS) until a patch is available. As a temporary workaround, restrict the use of the finger command on users to minimize the risk of exploitation.