Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Red Hat/Fedora :: linuxcnf.txt

Linuxconf as shipped with RedHat 5.1 contains a /tmp bug.





[ http://www.rootshell.com/ ]

Date:         Sat, 22 Aug 1998 20:35:42 -0500
From:         Alex Mottram <alex@NET-CONNECT.NET>
Subject:      Security concerns in linuxconf shipped w/RedHat 5.1

There exists a security / DOS problem with linuxconf-1.11.r11-rh3/i386 as
upgraded from RedHat's FTP site.  No other versions have been tested by me. 
Both the maintainer of linuxconf and RedHat Software were made aware of this
problem.

[root@machine SRPMS]# rpm -q linuxconf
linuxconf-1.11r11-rh3

The details of the problem are neither new nor exciting so a very brief
description follows:

linuxconf creates at least one file in /tmp during/at execution, and
will blindly follow a symlink from that file.  As linuxconf is an admin
tool, and can/should only be run as root, the possibilities of system
smashing are multiple.

A version of linuxconf that does not have this problem is available at:
ftp://ftp.solucorp.qc.ca/pub/linuxconf/devel/redhat-5.1/linuxconf-1.11r19-1.i386.rpm

Thanks to Jacques Gelinas (linuxconf maintainer)  for releasing a fixed
version quickly.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH