linuxconf contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a symlink is created at a predictable temporary filename, allowing an attacker to overwrite arbitrary files and potentially gain root privileges.
Upgrade to version 1.11r19-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
This vulnerability was first announced by Greg KH <email@example.com> on January 10, 2001 via Bugtraq.
Wirex Immunix OS 7.0-Beta
RedHat Linux 7.0
linuxconf is a powerful configuration tool available for various distributions of the Linux Operating System. A problem exists which could potentially allow a race condition and symbolic link attack.
The problem occurs in the creation of /tmp files by linuxconf. The vpop3d program, which is part of the linuxconf package, creates /tmp files in an insecure manner under some circumstances. This makes it possible to guess the filename of a future /tmp file and to create a symbolic link under that name pointing to a file writable by the user executing linuxconf, which is normally root. A user with malicious motives could use this vulnerability to potentially overwrite or append to system files.
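The insecure /tmp file pattern described above, as an added C example that is not taken from linuxconf or vpop3d (the page does not show their code): a predictable temp name opened without O_EXCL, beside an exclusive-create open, each run against a constructed symlink inside a private scratch directory. All function and file names are hypothetical.

```c
/* Added illustration, not linuxconf or vpop3d source; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable name, no O_EXCL; open() follows an existing symlink and truncates its target. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if the name already exists,
 * symlinks included; O_NOFOLLOW is defence in depth. */
int open_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch directory: "target" stands in for
 * a root-writable file, "app.tmp" for the predictable temp name, already
 * symlinked to target. Returns 0 if the open succeeded, else errno;
 * *size_after is target's size afterwards (10 bytes means untouched). */
int symlink_case(int hardened, long *size_after) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/app.tmp", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("important\n", f);   /* 10 bytes of constructed content */
    fclose(f);
    if (symlink(target, tmp) != 0) return -1;
    int fd = hardened ? open_tmp_excl(tmp) : open_tmp_weak(tmp);
    int err = errno;
    if (fd >= 0) close(fd);
    *size_after = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(target); rmdir(dir);
    return fd >= 0 ? 0 : err;
}

int main(void) {
    long sz;
    int rc = symlink_case(0, &sz);
    printf("weak: rc=%d target size=%ld\n", rc, sz);
    rc = symlink_case(1, &sz);
    printf("excl: rc=%d target size=%ld\n", rc, sz);
}
```

Where the file name does not need to be fixed, mkstemp(3) combines an unpredictable name with the same exclusive create and is the usual choice.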
Currently the SecurityFocus staff are not aware of any exploits for this issue.