Security Information / 1998 / Security Information -- cfingerd

Debian Security Advisory

cfingerd -- potentially allows local root exploits

Date Reported:

27 Aug 1998

Affected Packages:

cfingerd

Vulnerable:

No

Security database references:

No other external database security references currently available.

More information:

We have received a report that a user can execute arbitrary commands from a .plan or .project file. While the option that would allow this is disabled by default the system is vulnerable if the system admin had this option enabled.

We recommend you upgrade your cfingerd package immediately.