[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#158637: [dendler@idefense.com: iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow]

severity 158637 important

On Sat, Sep 21, 2002 at 02:38:55PM +0200, Michael Banck wrote:
> tags 158637 + patch
> thanks
> As I stated, debian's linuxconf package should not be vulnerable, as it
> is not installed setuid root.
> Nevertheless, I've backported the patch from the latest upstream
> version, which makes the exploit[1] fail even if you happen to set
> linuxconf setuid root.

Would you mind uploading this? linuxconf is orphaned, and nobody has yet
offered to maintain it.

Since, as you say, we don't install linuxconf setuid root, I've
downgraded the bug in the meantime.


Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: