PT-1999-1067 · Slmail · Slmail

Published

1999-02-25

Updated

2017-10-10

CVE-1999-0380

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SLMail versions 3.1 through 3.2

Description The issue allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled. This is achieved by setting a user's Finger File to point to the target file, then running finger on the user.

Recommendations For SLMail versions 3.1 and 3.2, consider disabling the Remote Administration Service (RAS) until a patch is available. As a temporary workaround, restrict the use of the finger command on users to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-0380

Affected Products

Slmail

PT-1999-1067 · Slmail · Slmail

CVE-1999-0380

Related Identifiers

Affected Products

References · 6