Info

Disclosure

Aug 22, 1998

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

linuxconf contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a symlink to a predictable tmpfilename is created, allowing an attacker to overwrite arbitrary files and potentially gain root privileges.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity, Loss of Availability

Solution

Upgrade to version 1.11r19-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Red Hat, Inc.

linuxconf

1.11r11-rh3

References

CVE ID: 1999-1328 (see also: NVD)
ISS X-Force ID: 7232
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_3/0612.html
http://archives.neohapsis.com/archives/bugtraq/1998_3/0630.html
Vendor Specific Advisory URL: http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf

Credit

Alex Mottram - alexnet-connect.net -

Direct URL: http://osvdb.org/6068