Bugtraq mailing list archives

Possible Linuxconf Vulnerability


From: prestochango () ANTIONLINE COM (The Nefarious Type)
Date: Thu, 29 Apr 1999 18:45:40 -0400


        
        An older version of linuxconf was packaged with Red Hat 5.1 and I had
not run into any problems with that version. But after installing the latest
version (linuxconf-1.13r15-1) onto OpenLinux 1.3, I came upon a problem during
boot. It had not detected /sbin/clock, so a menu appeared during boot and asked
if I wanted to change this. All of this happened before I was even prompted for a
login.
        The fact that someone who has physical access to the server can
access linuxconf (which, by default, can only be used under root) is kind of
disturbing. So far, I have not been able to exploit this problem, though I'm
guessing that it could be done (e.g. from that menu, access user configuration,
etc.).

Linuxconf Homepage
http://www.solucorp.qc.ca/linuxconf/


-PrestoChango


