Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Mon, 1 Jun 1998 17:58:24 +0100


Hi!!

Someone wrote:

the binary RPMs have always been shipped with suid linuxconf. Does this
announce mean that linuxconf has been found insecure, so that is MUST not
be used suid ? I haven't seen anything about linuxconf on BUGTRAQ, apart
from your posting.

I alerted RedHat to the insecurity in a suid root linuxconf. I didn't cc:
to bugtraq (only the xosview got cc:'ed here which still isn't fixed).


Now RedHat have a fixed rpm out, I suppose I had better spill the beans.

Set environment variable "LANG" to a long string (about 1k should do it).
Run linuxconf. Watch crash. Smile.

Note that discovery of this problem was trivial.

Most importantly, please note that there are probably plenty of other
security holes in linuxconf apart from this one.

Cheers
Chris



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]