- Advisory ID
- Affected versions
- 8.1 i586, 8.0 i586, 8.2 i586, 7.2 i586, CS1.0 i586
A vulnerability was discovered in linuxconf by Dave Aitel and later by iDEFENSE that is locally exploitable to obtain elevated privilege. By default, Mandrake Linux ships linuxconf as setuid root in versions 7.2 through 8.2. Successful exploitation will yield a root shell. MandrakeSoft recommends that all users take steps to remove the setuid bit from linuxconf. This can be done by issuing, as root, the following command: For users of Linux-Mandrake 7.2, the correct location of the linuxconf executable is /sbin.