CVE-1999-1165

GNU fingerd 1.37 is affected. The flaw is failure to drop privileges before accessing user information, enabling local attackers to (1) gain root via a malicious .fingerrc and (2) read arbitrary files via .plan/.forward/.project symbolic links. No patch/version or remediation is specified in the ...