Locally exploitable buffer overflow in linuxconf
| Package(s): | linuxconf | CVE #(s): | |
| Created: | August 28, 2002 | Updated: | August 28, 2002 |
| Description: | The widely-shipped linuxconf system administration utility has a buffer overflow vulnerability which can be exploited by a local user to obtain a root shell. This exploit only matters, of course, if linuxconf is installed setuid root, but a number of distributions do exactly that. If you have linuxconf installed on systems with untrusted local users, you will probably want to remove the setuid bit until a fix comes out.
For more information check out the full advisory from iDEFENSE. | ||
| Alerts: | (No alerts in the database for this vulnerability) | ||