Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)

EDB-ID:

21763


Author:

syscalls

Type:

local


Platform:

Linux

Date:

2002-08-28


source: https://www.securityfocus.com/bid/5585/info
  
Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems.
  
A buffer overflow vulnerability has been reported for Linuxconf. The vulnerability is due to insufficent bounds checking of the LINUXCONF_LANG environment variable. An attacker who sets the LINUXCONF_LANG environment variable with an overly large string will be able to cause the buffer overflow condition. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21763.tar.gz