
CVE-1999-0380: SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Adm

Severity: Medium
Type: Vulnerability
CVE: CVE-1999-0380
Published: Thu Feb 25 1999 (02/25/1999, 05:00:00 UTC)
Source: NVD
Vendor/Project: seattle_lab_software
Product: slmail

Description

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

AI-Powered Analysis

Last updated: 07/01/2025, 19:28:21 UTC

Technical Analysis

CVE-1999-0380 affects SLMail versions 3.1 and 3.2, a mail server developed by Seattle Lab Software, and specifically its Remote Administration Service (RAS) functionality. The vulnerability allows local users to access any file on the NTFS file system by manipulating the "Finger File" attribute of a user account: by setting a user's Finger File to point to an arbitrary target file and then running the 'finger' command on that user, an attacker can read the contents of any file on the system. The issue arises from the way SLMail handles the finger service and the Remote Administration Service, which does not properly restrict file access permissions. Exploitation requires local access to the system but no authentication, so any user with local access can exploit it. The CVSS score is 4.6 (medium severity); the vector indicates a local attack vector (AV:L), low attack complexity (AC:L), no authentication required (Au:N), and partial impact on confidentiality, integrity, and availability (C:P/I:P/A:P). No patches or fixes are available for this vulnerability, and there are no known exploits in the wild. Given the age of the vulnerability (published in 1999) and the specific affected versions, modern systems are unlikely to be affected unless legacy SLMail servers are still in operation.

Potential Impact

For European organizations, the impact of this vulnerability depends largely on whether legacy SLMail servers are still in use. If such servers are operational, an attacker with local access could read sensitive files on the mail server, potentially exposing confidential communications, credentials, or system configuration files. This could lead to further compromise of the mail infrastructure or lateral movement within the network. The ability to read arbitrary files also threatens data confidentiality and integrity. However, since exploitation requires local access and no remote exploitation vector is indicated, the risk is mitigated by proper network segmentation and access controls. The lack of a patch means organizations must rely on compensating controls or migration to newer, supported mail server software. Given the critical role of mail servers in business communications, any compromise could disrupt operations and damage reputation, especially in sectors handling sensitive data such as finance, healthcare, and government.

Mitigation Recommendations

1. Immediate mitigation involves restricting local access to SLMail servers to trusted administrators only, minimizing the number of users with local system access.
2. Disable the Remote Administration Service (RAS) if it is not required, as the vulnerability is tied to this service.
3. If SLMail is still in use, consider migrating to a modern, supported mail server solution that receives security updates.
4. Implement strict file system permissions and auditing on the mail server to detect unauthorized access attempts.
5. Employ network segmentation to isolate legacy mail servers from general user networks, reducing the risk of local access by unauthorized users.
6. Use host-based intrusion detection systems (HIDS) to monitor for suspicious finger command usage or unusual file access patterns.
7. Regularly review and update access control policies and ensure that legacy systems are identified and either updated or decommissioned.

Threat ID: 682ca32bb6fd31d6ed7dee80

Added to database: 5/20/2025, 3:43:39 PM

Last enriched: 7/1/2025, 7:28:21 PM

Last updated: 7/29/2025, 11:08:28 PM
