CNNVD-ID编号 | CNNVD-199907-025 |
CVE编号 | CVE-1999-1165 |
发布时间 | 1999-07-21 |
更新时间 | 2005-10-20 |
漏洞类型 | 访问验证错误 |
漏洞来源 | First posted to BugTraq by Thomas Roessler |
危险等级 | 高危 |
威胁类型 | 本地 |
厂 商 | gnu |
GNU fingerd 1.37版本在访问用户信息之前不能正确终止特权。本地用户可以(1)借助.fingerrc文件中的恶意程序获得根特权,或者(2)借助来自.plan, .forward或 .project文件中的符号连接来读取任意文件。
The only solution is to indefinitely disable GNU fingerd until this is addressed. Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
来源: BID
名称: 535
来源: BUGTRAQ
名称: 19950317 GNU finger 1.37 executes ~/.fingerrc with gid root