PT-1999-1594 · Gnu · Gnu Fingerd

Published: 1999-07-21 · Updated: 2016-10-18 · CVE-1999-1165

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: GNU fingerd version 1.37

Description: GNU fingerd does not properly drop privileges before accessing user information, which allows local users to gain elevated privileges or read arbitrary files. Specifically, a malicious program in the .fingerrc file could lead to gaining root privileges. Additionally, symbolic links from .plan, .forward, or .project files could be used to read arbitrary files.

Recommendations: For GNU fingerd version 1.37, consider restricting access to the .fingerrc file and avoiding the use of symbolic links in .plan, .forward, or .project files until a proper fix is available. As a temporary workaround, dropping privileges before accessing user information can help mitigate the risk.

Related Identifiers

CVE-1999-1165

Affected Products

Gnu Fingerd