linuxconf.txt

17 Aug 1999 00:00:00. Reported by Packet Storm. Type: packetstorm. Source: packetstormsecurity.com

Security issue found in linuxconf, allowing symlink attacks when run as root user.

Code
`Date: Sat, 22 Aug 1998 20:35:42 -0500  
From: Alex Mottram <[email protected]>  
Subject: Security concerns in linuxconf shipped w/RedHat 5.1  
  
There exists a security / DOS problem with linuxconf-1.11.r11-rh3/i386 as  
upgraded from RedHat's FTP site. No other versions have been tested by me.   
Both the maintainer of linuxconf and RedHat Software were made aware of this  
problem.  
  
[root@machine SRPMS]# rpm -q linuxconf  
linuxconf-1.11r11-rh3  
  
The details of the problem are neither new nor exciting so a very brief  
description follows:  
  
linuxconf creates at least one file in /tmp during/at execution, and  
will blindly follow a symlink from that file. As linuxconf is an admin  
tool, and can/should only be run as root, the possibilities of system  
smashing are multiple.  
  
A version of linuxconf that does not have this problem is available at:  
ftp://ftp.solucorp.qc.ca/pub/linuxconf/devel/redhat-5.1/linuxconf-1.11r19-1.i386.rpm  
  
Thanks to Jacques Gelinas (linuxconf maintainer) for releasing a fixed  
version quickly.  
`
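The /tmp symlink problem described in the advisory, shown as an added C example that is not linuxconf's code and not part of the original post. The advisory names neither the file nor how it is opened, so the file names are constructed and the flags in the unsafe variant are an assumption about a typical predictable-name open.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: a predictable name opened with O_CREAT|O_TRUNC follows an
   existing symlink and truncates whatever it points to. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
   and never follows a symlink in the final path component. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private mkdtemp() directory: "target" holds
   10 bytes and "work.tmp" is a symlink to it. Opens work.tmp with the
   chosen function; returns target's size afterwards, open's errno in *err. */
static long run_case(int safe, int *err) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", target[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/work.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -2;
    fputs("important\n", f);
    fclose(f);
    if (symlink(target, lnk) != 0) return -2;
    errno = 0;
    int fd = safe ? open_tmp_safe(lnk) : open_tmp_unsafe(lnk);
    *err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e1, e2;
    long unsafe_size = run_case(0, &e1), safe_size = run_case(1, &e2);
    printf("unsafe: target is now %ld bytes (open errno %d)\n", unsafe_size, e1);
    printf("safe:   target is still %ld bytes (EEXIST: %d)\n", safe_size, e2 == EEXIST);
    return 0;
}
```

In real code `mkstemp()` gives the same exclusive-create guarantee together with an unpredictable name, which is the usual fix for this class of bug.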
