CVE

CVE-2002-1506

Date: (C)2003-04-02   (M)2023-12-22

Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html

BID-5585

http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4

linuxconf-linuxconflang-env-bo(9980)