There is a problem with the USERLOG option of cfingerd. If you have cfingerd installed on your system, immediately check if you enabled the ALLOW_USERLOG option in /etc/cfingerd.conf. If this is the case, any file on your system can be damaged. The cfingerd daemon needs to run as root. If you have enabled the ALLOW_USERLOG option in /etc/cfingerd.conf, when an incoming finger query like user@your.system arrives, it will log it in ~user/.fingerlog, if this file exists. Exploit: say i'm user joe. $ cd ~joe $ ln -s /etc/shadow .fingerlog $ finger joe@localhost The cfingerd daemon will simply follow the symbolic link, without checking for permissions. This bug was found by a friend, on our school's linux servers. Matei Conovici