Network Security News – Sunday, September 11, 2005 Events
Multiple Unix Vendor fingerd Symlink Arbitrary Privileged File Access
fingerd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a .plan file in a user's home directory is replaced by a symbolic link to another file. fingerd will follow the link and display content of the linked file on subsequent finger requests, resulting in a loss of confidentiality.. Read more at osvdb.org/3653
Leave a Reply