Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow Vulnerability 3

2002-08-28T00:00:00
ID EDB-ID:21763
Type exploitdb
Reporter syscalls
Modified 2002-08-28T00:00:00

Description

Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (3). CVE-2002-1506. Local exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/5585/info
  
Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems.
  
A buffer overflow vulnerability has been reported for Linuxconf. The vulnerability is due to insufficent bounds checking of the LINUXCONF_LANG environment variable. An attacker who sets the LINUXCONF_LANG environment variable with an overly large string will be able to cause the buffer overflow condition. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/21763.tar.gz