CVE-1999-1165

CVSS 2.0 Score 7.2 of 10 (high)

Details

Published Jul 21, 1999
Updated: Oct 18, 2016

Summary

CVE-1999-1165 is a vulnerability affecting the GNU fingerd service version 1.37. This issue arises from the service's failure to drop privileges appropriately before handling user information. As a result, local users can exploit this vulnerability in two ways: by gaining root privileges via a maliciously crafted .fingerrc file or by reading arbitrary files through symbolic links present in .plan, .forward, or .project files. This security flaw poses a significant risk if not addressed promptly.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share