PT-2003-1242 · Linux · Linuxconf
Published: 2003-03-18 · Updated: 2008-09-05 · CVE-2002-1506
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linuxconf versions prior to 1.28r4
Description
A buffer overflow allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable. The variable's value overflows an error string that is generated.
Recommendations
For versions prior to 1.28r4, update to version 1.28r4 or later to resolve the issue. As a temporary workaround, consider restricting the length of the LINUXCONF_LANG environment variable to prevent overflow.
Related Identifiers
Affected Products
Linuxconf