| VID | 12010 |
| Severity | 40 |
| Port | 98 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The Linuxconf web-based management server is vulnerable to a buffer overflow attack. Linuxconf is an interactive configuration and administration utility for the Linux operating system. By sending a specially crafted HTTP request that supplies excessive data in the USER_AGENT field to a vulnerable version of Linuxconf, a remote attacker could execute arbitrary code on the server as root. References: http://online.securityfocus.com/bid/2352, http://www.securiteam.com/exploits/3L5QFQKQAY.html |
| Recommendation | Upgrade to the latest version (1.1.7 or later) of Linuxconf, available from: http://www.solucorp.qc.ca/linuxconf/ If you do not need Linuxconf, use the Linuxconf utility (command line or X window based version) to disable it. |
| Related URL | CVE-2000-0017 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |