CVE-1999-1348
Description
Linuxconf on Red Hat Linux 6.0 fails to disable PAM access to shutdown command, allowing local users to cause denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linuxconf on Red Hat Linux 6.0 fails to disable PAM access to shutdown command, allowing local users to cause denial of service.
Vulnerability
Linuxconf in Red Hat Linux 6.0 and earlier, version 1.14 subrev 4, improperly handles PAM configuration for the shutdown command. When an administrator denies a user shutdown privileges via linuxconf, the system still allows the user to reboot or shutdown because linuxconf does not correctly update /etc/pam.d/reboot [1].
Exploitation
A local user with a denied shutdown privilege set via linuxconf can simply execute the reboot or shutdown command. The PAM configuration is not properly enforced, allowing the command to succeed without proper authorization [1].
Impact
An attacker can shutdown or reboot the system, leading to a denial of service. No privilege escalation is achieved; the user already has a local account [1].
Mitigation
No official fix was provided in the referenced advisory. As a workaround, system administrators should manually configure /etc/pam.d/reboot or avoid using linuxconf for user privilege management. Applying any available vendor patches or upgrading to a newer release of Red Hat Linux may mitigate the issue [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- marc.infonvd
News mentions
0No linked articles in our index yet.