OSVDB ID: 6068

Title: Linuxconf Symlink Arbitrary File Overwrite

Info

Disclosure

Aug 22, 1998

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

linuxconf contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a symlink to a predictable tmpfilename is created, allowing an attacker to overwrite arbitrary files and potentially gain root privileges.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity, Loss of Availability

Solution

Upgrade to version 1.11r19-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Red Hat, Inc.

linuxconf

1.11r11-rh3

References

Credit

  • Alex Mottram - alexnet-connect.net -


Direct URL: http://osvdb.org/6068