CVE-2002-1506

Linuxconf - Buffer Overflow via LINUXCONF_LANG Environment Variable

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-1506. PoCs published by syscalls, David Endler, RaiSe.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in Linuxconf due to insufficient bounds checking of the LINUXCONF_LANG environment variable. An attacker can exploit this by setting an overly large string in the environment variable to trigger the overflow.

Description

Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.

Exploits (3)

exploitdb WRITEUP VERIFIED
by syscalls · textlocallinux
https://www.exploit-db.com/exploits/21763

The provided text describes a buffer overflow vulnerability in Linuxconf due to insufficient bounds checking of the LINUXCONF_LANG environment variable. An attacker can exploit this by setting an overly large string in the environment variable to trigger the overflow.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: Linuxconf (version not specified)
No auth needed
Prerequisites: Access to set environment variables · Linuxconf installed as setuid root
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David Endler · clocallinux
https://www.exploit-db.com/exploits/21762

This exploit leverages a buffer overflow in Linuxconf via the LINUXCONF_LANG environment variable to execute arbitrary shellcode. It is a classic stack-smashing attack, tested on Redhat 7.0 with linuxconf 1.25r3.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linuxconf 1.25r3
No auth needed
Prerequisites: Linuxconf installed as setuid root · Ability to set environment variables
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by RaiSe · clocallinux
https://www.exploit-db.com/exploits/21761

This exploit leverages a buffer overflow in Linuxconf via the LINUXCONF_LANG environment variable to achieve local privilege escalation. It uses ptrace to locate the shellcode address dynamically and executes a reverse shell payload.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linuxconf <= 1.28r3
No auth needed
Prerequisites: Local access to the target system · Linuxconf installed as setuid root · Write permissions in the current directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5585
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9980.php

Scores

EPSS 0.0161
EPSS Percentile 72.9%

Details

Status published
Products (33)
jacques_gelinas/linuxconf 1.1.6r10
jacques_gelinas/linuxconf 1.1.7
jacques_gelinas/linuxconf 1.1.8
jacques_gelinas/linuxconf 1.1.9r1
jacques_gelinas/linuxconf 1.1.9r2
jacques_gelinas/linuxconf 1.2
jacques_gelinas/linuxconf 1.2.1
jacques_gelinas/linuxconf 1.2.1r1
jacques_gelinas/linuxconf 1.2.1r2
jacques_gelinas/linuxconf 1.2.1r3
... and 23 more
Published Apr 02, 2003
Tracked Since Feb 18, 2026