Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps N-Z :: lnx5389.htm

Xandros autorun permit local protected file reading



31th May 2002 [SBWID-5389]
COMMAND

	Xandros autorun permit local protected file reading

SYSTEMS AFFECTED

	Xandros Desktop beta 1 & 2

PROBLEM

	KF from snowsoft [http://www.snowsoft.com]  reported  following  bug  on
	Xandros, a new Debian based distribution [http://www.xandros.com/].
	

	There is a bug in the autorun setuid binary. If this  binary  is  called
	with the command line argument -c and any file  name  you  are  able  to
	read the first line of that file... for example /etc/shadow.
	

	 Exploit 

	 =======

	

	

	autorun -c /etc/shadow 

	

SOLUTION

	Patch should be released for beta 2


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH