CVE-1999-1165
GNU Fingerd — NVD-CWE-Other
- Published: 1999-07-21T04:00:00.000
- Last modified: 2025-04-03T01:03:51.193
- Vendors: GNU
- Products: Fingerd
- CWE: NVD-CWE-Other
CVE-1999-1165 — GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. [Weakness: NVD-CWE-Other]
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No items for this vendor.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
🧠 Explainer: What this vulnerability means
Summary: The issue in Fingerd by GNU (CWE: unspecified) may enable attacks.
Impact: Systems could be compromised, leading to confidentiality, integrity, or availability loss.
Mitigation: Prioritize patching and consider temporary workarounds documented by the vendor.
- http://marc.info/?l=bugtraq&m=93268249021561&w=2 []
- http://www.securityfocus.com/archive/1/2478 [Exploit, Vendor Advisory]
- http://www.securityfocus.com/bid/535 [Patch, Vendor Advisory]
- http://marc.info/?l=bugtraq&m=93268249021561&w=2 []
- http://www.securityfocus.com/archive/1/2478 [Exploit, Vendor Advisory]
- http://www.securityfocus.com/bid/535 [Patch, Vendor Advisory]