8519855 2002-05-28 06:37 -0400 /31 rader/ KF <dotslash@snosoft.com> Sänt av: joel@lysator.liu.se Importerad: 2002-05-30 01:12 av Brevbäraren Extern mottagare: vuln-dev@security-focus.com Extern mottagare: bugtraq@securityfocus.org Mottagare: Bugtraq (import) <22444> Ärende: Xandros based linux autorun -c ------------------------------------------------------------ From: KF <dotslash@snosoft.com> To: vuln-dev@security-focus.com, bugtraq@securityfocus.org Message-ID: <3CF35DE8.2030509@snosoft.com> There is a new debian based distro called Xandros making its way on to the market.I believe the developers from Corel Linux are on board with Xandros. It has at least one public beta and another on the way and I know of at least one OS that uses it as its backend. I got a chance to play on a couple of Xandros based distros and came up with a few security issues. Due to some extremely sketchy wording on disclosure by one of the above mentioned distros I will refrence all distros in general as a "Xandros based flavor of linux". I can not verify that the holes are shared in all flavors. The first issue I am going to disclose is in the setuid autorun binary. If this binary is called with the command line argument -c and any file name you are able to read the first line of that file... for example /etc/shadow. exploit: autorun -c /etc/shadow Here is part of the response from the developer regarding only this issue... I just informed them of 6 others that I am aware of. ---------- Author or Developers response ---------------- I have fixed the bug in autorun. There will be a new package posted for Xandros Desktop Beta 2. A fix for Beta 1 will not be provided as we are not supporting older beta releases in any way. Lindows.com has been notified as well, but we have yet to hear back from them. As soon as our QA department gives us the green light, a notice will be posted to the beta newsgroups and the new package will be posted on the ftp site. --------------------------------------------------------- http://www.snosoft.com -KF (8519855) /KF <dotslash@snosoft.com>/-----(Ombruten)