CVE-1999-1165 — HIGH severity vulnerability (GNU fingerd 1.37 does not properly drop privileges before ac)
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
| CVE ID | CVE-1999-1165 |
|---|---|
| Severity | HIGH |
| CVSS score | 7.2 |
| CVSS vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| CWE | NVD-CWE-Other |
| Status | Modified |
| Published | 1999-07-21 |
| Last modified | 2026-04-16 |
| Description | GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →