Debian Security Advisory
cfingerd -- potentially allows local root exploits
- Date Reported:
- 27 Aug 1998
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled.
We recommend you upgrade your cfingerd package immediately.