GNU指针特权终止漏洞

CNNVD-ID编号 CNNVD-199907-025
CVE编号 CVE-1999-1165
发布时间 1999-07-21
更新时间 2005-10-20
漏洞类型 访问验证错误
漏洞来源 First posted to BugTraq by Thomas Roessler on March 17, 1995. Re-posted to BugTraq by Andrew Jone on March 17, 1999.
危险等级 高危
威胁类型 本地
厂 商 gnu

漏洞介绍

GNU fingerd 1.37版本在访问用户信息之前不能正确终止特权。本地用户可以(1)借助.fingerrc文件中的恶意程序获得根特权,或者(2)借助来自.plan, .forward或 .project文件中的符号连接来读取任意文件。

漏洞补丁

The only solution is to indefinitely disable GNU fingerd until this is addressed. Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

参考网址

受影响实体

信息来源