Linuxconf Remote Buffer Overflow Vulnerablity
BID:2352
Info
Linuxconf Remote Buffer Overflow Vulnerablity
| Bugtraq ID: | 2352 |
| Class: | Input Validation Error |
| CVE: |
CVE-2000-0017 CVE-2000-0017 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 21 1999 12:00AM |
| Updated: | Jul 06 2016 12:17PM |
| Credit: | reported to bugtraq by Elias Levy <[email protected]> on Tue Dec 21 1999 |
| Vulnerable: |
Jacques Gelinas Linuxconf 1.1.6 r10 |
| Not Vulnerable: |
Jacques Gelinas Linuxconf 1.1.7 |
Discussion
Linuxconf Remote Buffer Overflow Vulnerablity
Linuxconf is a Linux configuration utility from Solucorp.
An attacker supplying excess data to the USER_AGENT field in vulnerable versions of Linuxconf. This data can overflow the relevant buffer, creating a stack overflow and, properly exploited, allowing remote execution of arbitrary code as root.
Linuxconf is a Linux configuration utility from Solucorp.
An attacker supplying excess data to the USER_AGENT field in vulnerable versions of Linuxconf. This data can overflow the relevant buffer, creating a stack overflow and, properly exploited, allowing remote execution of arbitrary code as root.
Exploit / POC
Linuxconf Remote Buffer Overflow Vulnerablity
Exploit available:
Exploit available:
Solution / Fix
Linuxconf Remote Buffer Overflow Vulnerablity
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Linuxconf Remote Buffer Overflow Vulnerablity
References:
References: