[7738] in bugtraq

Security concerns in linuxconf shipped w/RedHat 5.1

daemon@ATHENA.MIT.EDU (Alex Mottram)
Sat Aug 22 22:05:01 1998

Date: 	Sat, 22 Aug 1998 20:35:42 -0500
Reply-To: Alex Mottram <alex@NET-CONNECT.NET>
From: Alex Mottram <alex@NET-CONNECT.NET>
To: BUGTRAQ@NETSPACE.ORG

There exists a security / DOS problem with linuxconf-1.11.r11-rh3/i386
as upgraded from RedHat's FTP site.  No other versions have been tested
by me.  Both the maintainer of linuxconf and RedHat Software were made
aware of this problem.

[root@machine SRPMS]# rpm -q linuxconf
linuxconf-1.11r11-rh3

The details of the problem are neither new nor exciting so a very brief
description follows:

linuxconf creates at least one file in /tmp during/at execution, and
will blindly follow a symlink from that file.  As linuxconf is an admin
tool, and can/should only be run as root, the possibilities of system
smashing are multiple.

A version of linuxconf that does not have this problem is available at:
ftp://ftp.solucorp.qc.ca/pub/linuxconf/devel/redhat-5.1/linuxconf-1.11r19-1.i386.rpm

Thanks to Jacques Gelinas (linuxconf maintainer)  for releasing a fixed
version quickly.
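
Added example, not part of the original post and not linuxconf's code or its fix: a C sketch of the class of problem described above, showing a predictable temp-file name opened in a way that follows a planted symlink, next to creation calls that refuse it. The function names, the "lc.tmp" file name and the scratch-directory scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern described in the post: a fixed name is opened, and a symlink
 * already planted at that name is followed to whatever it points at. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, including a symlink,
 * already exists at the name; O_NOFOLLOW is defence in depth. */
int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it O_EXCL. */
int open_tmp_random(char *tmpl) { return mkstemp(tmpl); }

/* Constructed scenario in a private scratch directory: "target" stands in
 * for a file root cares about, "lc.tmp" is the predictable temp name with a
 * symlink planted on it. Returns target's size after the open attempt. */
long target_size_after(int (*opener)(const char *), int *fd_out) {
    char dir[] = "/tmp/symdemoXXXXXX", target[64], name[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/lc.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("important\n", f);
    fclose(f);
    if (symlink(target, name) != 0) return -1;
    *fd_out = opener(name);
    if (*fd_out >= 0) close(*fd_out);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(name); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int fd;
    printf("unsafe open: target is now %ld bytes\n", target_size_after(open_tmp_unsafe, &fd));
    printf("safe open:   target is now %ld bytes\n", target_size_after(open_tmp_safe, &fd));
    return 0;
}
```

With the unsafe open the stand-in target is truncated through the symlink; with the exclusive open the call fails and the target keeps its contents.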