A vulnerability has been discovered in akfingerd that may allow attackers to view the contents of potentially sensitive files. The issue is due to the akfinger daemon not dropping supplementary group privileges, combined with insufficient sanity checks on the '.plan' file located in a user's home directory. By symlinking a user's '.plan' file to an arbitrary system resource, it is possible to cause akfingerd to disclose the symlinked file's contents. This vulnerability was discovered in akfingerd 0.5; it is not yet known whether earlier versions are affected.
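The two root causes named above map to two defensive checks, sketched here as an added example. It is not akfingerd's code, and the function names `drop_privileges` and `open_plan` are hypothetical.

```c
/* Added example: hardened .plan handling for a finger-style daemon. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes setgroups() on glibc */
#endif
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop all privileges: supplementary groups first, then gid, then uid.
   After setuid() the process could no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;    /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* drop must be irreversible */
    return 0;
}

/* Open a user's .plan and accept it only if it is a regular file owned
   by that user. Returns a read-only descriptor, or -1 if rejected. */
int open_plan(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the final path component is a symlink.
       O_NONBLOCK: do not hang if the path names a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* fstat() the descriptor, not the path, so the checks apply to the
       object actually opened (no check-then-open race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Usage: ./planck /home/user/.plan (checked against the caller's uid). */
    int fd = open_plan(argc > 1 ? argv[1] : ".plan", geteuid());
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1; /* exit 0 = accepted, 1 = rejected */
}
```

A daemon would call `drop_privileges` for the target user before touching anything under that user's home directory, so that a check missed in `open_plan` still cannot expose files readable only through the daemon's own groups.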