[CentOS] Another Fedora decision

Thu Feb 5 14:48:22 UTC 2015
Lamar Owen <lowen at pari.edu>

On 02/04/2015 05:55 PM, Warren Young wrote:
>> On Feb 4, 2015, at 3:16 PM, Lamar Owen <lowen at pari.edu> wrote:
>>
>> There have been remotely exploitable vulnerabilities where an arbitrary file could be read
> CVEs, please?
CVE-2006-3392 for one.  As this one was against Webmin, well, webmin by 
nature has to have root access.  Yeah, webmin should not be configured 
to be accessible from the internet at large, but that's not the point.  
Yes, it is an old one, but there are I'm sure other vulnerabilities that 
have either not been found or not been published.

And then, a long time ago, in an OS far far away, there was 
CVE-2000-0915 (FreeBSD 4.1.1 Finger Arbitrary Remote File Access) where 
the advisory text description included the following wording:
"The finger daemon running on the remote host will reveal the contents
of arbitrary files when given a command similar to the following :

finger /etc/passwd at target

Which will return the contents of /etc/passwd."