Vulnerabilities > CVE-2002-1506 - Local Environment Variable Buffer Overflow vulnerability in Linuxconf

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

jacques-gelinas

exploit available

NVD

Published: 2003-04-02

Updated: 2008-09-05

Summary

Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.

Vulnerable Configurations

Part	Description	Count
Application	Jacques_Gelinas Jacques Gelinas Linuxconf 1.1.6R10 Jacques Gelinas Linuxconf 1.1.7 Jacques Gelinas Linuxconf 1.1.8 Jacques Gelinas Linuxconf 1.1.9R1 Jacques Gelinas Linuxconf 1.1.9R2 Jacques Gelinas Linuxconf 1.2 Jacques Gelinas Linuxconf 1.2.1 Jacques Gelinas Linuxconf 1.2.1R1 Jacques Gelinas Linuxconf 1.2.1R2 Jacques Gelinas Linuxconf 1.2.1R3 Jacques Gelinas Linuxconf 1.2.1R4 Jacques Gelinas Linuxconf 1.2.1R5 Jacques Gelinas Linuxconf 1.2.1R6 Jacques Gelinas Linuxconf 1.2.1R7 Jacques Gelinas Linuxconf 1.2.1R8 Jacques Gelinas Linuxconf 1.2.2 Jacques Gelinas Linuxconf 1.2.3 Jacques Gelinas Linuxconf 1.2.3R1 Jacques Gelinas Linuxconf 1.2.3R2 Jacques Gelinas Linuxconf 1.2.4 Jacques Gelinas Linuxconf 1.2.4R2 Jacques Gelinas Linuxconf 1.2.4R4 Jacques Gelinas Linuxconf 1.2.4R5 Jacques Gelinas Linuxconf 1.2R1 Jacques Gelinas Linuxconf 1.2R2 Jacques Gelinas Linuxconf 1.27 Jacques Gelinas Linuxconf 1.27R3 Jacques Gelinas Linuxconf 1.27R4 Jacques Gelinas Linuxconf 1.27R5 Jacques Gelinas Linuxconf 1.28 Jacques Gelinas Linuxconf 1.28R1 Jacques Gelinas Linuxconf 1.28R2 Jacques Gelinas Linuxconf 1.28R3	33

Exploit-Db

description	Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (2). CVE-2002-1506. Local exploit for linux platform
id	EDB-ID:21762
last seen	2016-02-02
modified	2002-08-28
published	2002-08-28
reporter	David Endler
source	https://www.exploit-db.com/download/21762/
title	Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow Vulnerability 2

description	Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (1). CVE-2002-1506. Local exploit for linux platform
id	EDB-ID:21761
last seen	2016-02-02
modified	2002-08-28
published	2002-08-28
reporter	RaiSe
source	https://www.exploit-db.com/download/21761/
title	Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow Vulnerability 1

description	Linuxconf 1.1.x/1.2.x Local Environment Variable Buffer Overflow Vulnerability (3). CVE-2002-1506. Local exploit for linux platform
id	EDB-ID:21763
last seen	2016-02-02
modified	2002-08-28
published	2002-08-28
reporter	syscalls
source	https://www.exploit-db.com/download/21763/
title	Linuxconf 1.1.x / 1.2.x - Local Environment Variable Buffer Overflow Vulnerability 3

Summary

Vulnerable Configurations

Exploit-Db

References