fingerd in FreeBSD 4.1.1 allows remote malicious users to read arbitrary files by specifying the target file name instead of a regular user name.
freebsd freebsd 4.1.1