Red Hat linuxconf LANG Overflow Command Execution

1998-06-01T17:58:24
ID OSVDB:6065
Type osvdb
Reporter Chris Evans (chris@ferret.lmh.ox.ac.uk)
Modified 1998-06-01T17:58:24

Description

Vulnerability Description

Red Hat linuxconf contains a flaw that may allow a malicious user to gain root privileges. The issue is triggered when setting a long LANG environment variable. It is possible that the flaw may allow arbitrary command execution, resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 1.11r18-3rh or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Related OSVDB ID: 6067
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_2/0458.html
ISS X-Force ID: 7239
CVE-1999-1327