CVE-2002-1506
Published: 2003-04-02
Priority: P4 · 21 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.61% (72.9th percentile)
Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jacques_gelinas | linuxconf | — | — |
No detection rules found.
Exploit-DB
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)
exploitdb·2002-08-28
---
source: https://www.securityfocus.com/bid/5585/info
Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems.
A buffer overflow vulnerability has been reported for Linuxconf. The vulnerability is due to insufficient bounds checking of the LINUXCONF_LANG environment variable. An attacker who sets the LINUXCONF_LANG environment variable with an overly large string will be able to cause the buffer overflow condition.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21763.tar.gz
Exploit-DB
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (1)
exploitdb·2002-08-28
---
// source: https://www.securityfocus.com/bid/5585/info
/*
* Linuxconf
* http://www.netsearch-ezine.com
*
* Tested on:
* Mandrake 8.0
* Mandrake 8.2
* RedHat 7.3
*
* (run without args on directory
* with +w)
*/
#include
#include
#include
#
Exploit-DB
Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (2)
exploitdb·2002-08-28
---
// source: https://www.securityfocus.com/bid/5585/info
/*
* This is an exploit for the linuxconf overflow issue.
*
* The detail of this hole was published on 08.28.2002 by
* David Endler from www.idefense.com.
*
* Tested to work on Redhat
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html
http://www.iss.net/security_center/static/9980.php
http://www.securityfocus.com/bid/5585
http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4
Published: 2003-04-02