CVE
- Id
- 242
- CVE No.
- CVE-1999-0243
- Status
- Candidate
- Description
- Linux cfingerd could be exploited to gain root access.
- Phase
- Proposed (19990714)
- Votes
- ACCEPT(1) Shostack | NOOP(4) Baker, Levy, Northcutt, Wall | REJECT(2) Christey, Frech
- Comments
- Christey> This has no sources; neither does the original database that | this entry came from. It"s a likely duplicate of | CVE-1999-0813. | Frech> I disagree on the dupe; see Linux-Security Mailing List, | "[linux-security] Cfinger (Yet more :)" at | http://www.geocrawler.com/archives/3/92/1996/9/0/2217716/. Seems as | if v1.2.3 is vulnerable, perhaps 1.3.0 also. CVE-1999-0813 pertains | to 1.4.x and below and shows up two years later. | CHANGE> [Frech changed vote from REVIEWING to REJECT] | Frech> If the reference I previously supplied is correct, then | it appears as if the poster modified the source using authorized | access to make it vulnerable. Modifying the source in this manner | does not qualify as being listed a vulnerability. | I disagree on the dupe; see Linux-Security Mailing List, | "[linux-security] Cfinger (Yet more :)" at | http://www.geocrawler.com/archives/3/92/1996/9/0/2217716/. Seems as | if v1.2.3 is vulnerable, perhaps 1.3.0 also. CVE-1999-0813 pertains | to 1.4.x and below and shows up two years later.
