Package name
Advisory ID
Affected versions
8.1 i586 , 8.0 i586 , 8.2 i586 , 7.2 i586 , CS1.0 i586

Problem description

A vulnerability was discovered in linuxconf by Dave Aitel and later by iDEFENSE that is locally exploitable to obtain elevated privilege. By default, Mandrake Linux ships linuxconf as setuid root in versions 7.2 through 8.2. Successful exploitation will yield a root shell. MandrakeSoft recommends that all users take steps and remove the setuid bit from linuxconf. This can be done by issuing, as root, the following command: For users of Linux-Mandrake 7.2, the correct location of the linuxconf executable is /sbin.

Updated packages

8.1 i586

 na 8.1/RPMS/na

8.0 i586

 na 8.0/RPMS/na

8.2 i586

 na 8.2/RPMS/na

7.2 i586

 na 7.2/RPMS/na

CS1.0 i586

 na 1.0.1/RPMS/na