CVE-1999-1165

high

Description

GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
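Added example (not GNU fingerd code and not part of this record): a C sketch of the two controls the description says were missing, a permanent privilege drop to the target user before any of that user's files or programs are touched, and a dot-file open that refuses a symlink in the final path component. The names drop_to_user, open_user_file and demo, and the temporary directory fixture, are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: permanently become the target user before reading
 * their dot-files or running anything they name. Order: groups, gid, uid. */
int drop_to_user(const struct passwd *pw)
{
    if (geteuid() != 0) return 0;                 /* not privileged: nothing to drop */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0) return -1;  /* drop must be irreversible */
    return 0;
}

/* Hypothetical helper: open a dot-file under `home`, refusing a symlink as the
 * final component and anything that is not a regular file. Returns fd or -1. */
int open_user_file(const char *home, const char *name)
{
    struct stat st;
    int dfd = open(home, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    close(dfd);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: .project is a regular file, .plan a symlink to it. */
int demo(void)
{
    char dir[] = "/tmp/fingerdemoXXXXXX";
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    int reg = openat(dfd, ".project", O_CREAT | O_WRONLY, 0600);
    if (dfd < 0 || reg < 0 || symlinkat(".project", dfd, ".plan") != 0) return -1;
    close(reg); close(dfd);
    int plan = open_user_file(dir, ".plan"), proj = open_user_file(dir, ".project");
    if (proj >= 0) close(proj);
    return plan < 0 && proj >= 0;   /* 1: symlink refused, regular file opened */
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The privilege drop is the primary control; O_NOFOLLOW on the open is defense in depth and only covers the last path component.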

References

http://www.securityfocus.com/bid/535

http://marc.info/?l=bugtraq&m=93268249021561&w=2

Details

Source: Mitre, NVD

Published: 1999-07-21

Updated: 2016-10-18

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High