COMMAND

    linuxconf

SYSTEMS AFFECTED

    RedHat 5.1

PROBLEM

    Alex  Mottram  found  the following.  There  exists  a security / DOS
    problem with linuxconf-1.11.r11-rh3/i386 as upgraded from RedHat's
    FTP site.  No other versions have been tested.

        [root@machine SRPMS]# rpm -q linuxconf
        linuxconf-1.11r11-rh3

    The details of the problem are neither new nor exciting so a  very
    brief description follows.  linuxconf creates at least one file in
    /tmp during/at execution, and  will blindly follow a  symlink from
    that file.  As linuxconf is an admin tool, and can/should only  be
    run as root, the possibilities of system smashing are multiple. If
    the security hole is exploited, hosts that you explicitly trust to
    administer linuxconf could be capable of gaining root access.   In
    older versions of linuxconf, the local ethernet network is trusted
    by  default  (except  when  configured  via  BOOTP  or  DHCP);  in
    linuxconf-1.11r18-3rh, no hosts are trusted by default.
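
    The following C program is an added example and is not code from the
    advisory or from linuxconf itself.  It shows the generic /tmp symlink
    defect the advisory describes and the two standard fixes, written as
    a regression check an administrator or auditor can compile and run
    against their own code: open_scratch_unsafe() is a hypothetical
    stand-in for the "fixed name in /tmp, opened without O_EXCL or
    O_NOFOLLOW" pattern; open_scratch_guarded() and open_scratch_random()
    are the hardened forms.  symlink_regression() plants a symlink in a
    private scratch directory it creates itself (so nothing in the real
    /tmp is touched) and reports which opener writes through the link.
    All file and function names are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure pattern of the kind the advisory describes (hypothetical, not
 * linuxconf's code): a fixed, predictable name is opened with O_CREAT and
 * neither O_EXCL nor O_NOFOLLOW, so the kernel follows whatever symlink
 * already sits at that path.  Returns the fd, or -1 on error. */
int open_scratch_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened open for a fixed name: O_EXCL makes creation fail if anything
 * already exists there (POSIX requires EEXIST even for a dangling link),
 * and O_NOFOLLOW makes the open fail with ELOOP if the last path
 * component is a symlink.  A pre-placed link yields a clean failure. */
int open_scratch_guarded(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred fix: mkstemp() picks an unpredictable name and creates it with
 * O_CREAT|O_EXCL in one step, so there is no name to pre-place and no
 * check-then-open window.  'tmpl' must end in XXXXXX and is overwritten. */
int open_scratch_random(char *tmpl)
{
    return mkstemp(tmpl);
}

/* Regression check.  Creates a private scratch directory, a "victim" file
 * with known contents, and a symlink with a predictable name pointing at
 * the victim, then tries each opener on that name.  Returns -1 on setup
 * failure, otherwise a bitmask:
 *   1 = the unsafe opener followed the link and truncated the victim
 *   2 = the guarded opener refused (EEXIST or ELOOP)
 *   4 = mkstemp produced a fresh, private regular file               */
int symlink_regression(void)
{
    char dir[] = "/tmp/advisory-demo-XXXXXX";
    char victim[256], link[256], tmpl[256];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(dir) == NULL) {              /* fall back to the cwd if /tmp is unusable */
        strcpy(dir, "./advisory-demo-XXXXXX");
        if (mkdtemp(dir) == NULL)
            return -1;
    }
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link,   sizeof link,   "%s/fixedname.tmp", dir);
    snprintf(tmpl,   sizeof tmpl,   "%s/scratch.XXXXXX", dir);

    fd = open(victim, O_WRONLY | O_CREAT, 0600);   /* constructed victim file */
    if (fd < 0 || write(fd, "original", 8) != 8) {
        if (fd >= 0) close(fd);
        return -1;
    }
    close(fd);
    if (symlink(victim, link) != 0)
        return -1;

    /* 1. unsafe: open() follows the link; O_TRUNC empties the victim */
    fd = open_scratch_unsafe(link);
    if (fd >= 0 && stat(victim, &st) == 0 && st.st_size == 0)
        result |= 1;
    if (fd >= 0) close(fd);

    /* 2. guarded: must fail, and for the expected reason */
    fd = open_scratch_guarded(link);
    if (fd < 0 && (errno == EEXIST || errno == ELOOP))
        result |= 2;
    if (fd >= 0) close(fd);

    /* 3. mkstemp: a new regular file (not a link), mode 0600 */
    fd = open_scratch_random(tmpl);
    if (fd >= 0 && lstat(tmpl, &st) == 0 && S_ISREG(st.st_mode)
        && (st.st_mode & 0777) == 0600)
        result |= 4;
    if (fd >= 0) close(fd);

    unlink(tmpl); unlink(link); unlink(victim); rmdir(dir);
    return result;
}

int main(void)
{
    int r = symlink_regression();
    printf("unsafe followed link: %s\n", (r & 1) ? "yes" : "no");
    printf("guarded open refused: %s\n", (r & 2) ? "yes" : "no");
    printf("mkstemp private file: %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

    On a correct system the check reports that only the unsafe opener goes
    through the link.  The same three-way comparison is what to look for
    when auditing any root-run tool that writes under /tmp: a fixed name
    opened without O_EXCL/O_NOFOLLOW is the defect, mkstemp() (or an
    equivalent atomic create) is the fix.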

SOLUTION

    Both the  maintainer of  linuxconf and  RedHat Software  were made
    aware of this problem.  A version of linuxconf that does not have
    this problem is available at:

        ftp://ftp.solucorp.qc.ca/pub/linuxconf/devel/redhat-5.1/linuxconf-1.11r19-1.i386.rpm

    The  linuxconf-1.11r18-3rh  package  fixes  the security hole, and
    also fixes a number of other small bugs that have been  discovered
    since the last release:

        rpm -Uvh ftp://ftp.redhat.com/updates/5.1/i386/linuxconf-1.11r18-3rh.i386.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/5.1/alpha/linuxconf-1.11r18-3rh.alpha.rpm
        rpm -Uvh ftp://ftp.redhat.com/updates/5.1/sparc/linuxconf-1.11r18-3rh.sparc.rpm