[转载]fkey Symblink Vulnerability

信息来源：www.securiteam.com

Summary
fkey is "a scalable finger daemon type server for public display of user-specified files, e.g. PGP keys, contact information, etc. Users edit their data file (supplied as an ASCII text file), and the finger daemon displays it on public request. It may be used as a banner server".

Due to improper usage of local files by fkey, its possible for a local attacker to use the program to gain elevated privileges.

Credit:
The information has been provided by Vade 79.
The original article can be found at: http://fakehalo.us/xfkey.c

Details
Exploit:
http://www.eviloctal.com/forum/r ... oread=1&fpage=1