xandros-autorun.txt

2002-06-03T00:00:00
ID PACKETSTORM:26163
Type packetstorm
Reporter dotslash@snosoft.com
Modified 2002-06-03T00:00:00

Description

There is a new Debian-based distro called Xandros making its way onto the market. I believe the developers from Corel Linux are on board with Xandros. It has at least one public beta and another on the way, and I know of at least one OS that uses it as its backend. I got a chance to play with a couple of Xandros-based distros and came up with a few security issues.
  
Due to some extremely sketchy wording on disclosure by one of the above-mentioned distros, I will refer to all of them in general as a "Xandros-based flavor of Linux". I cannot verify that the holes are shared by all flavors.
  
The first issue I am going to disclose is in the setuid autorun binary. If this binary is called with the command-line argument -c followed by any file name, it reads and prints the first line of that file with the binary's elevated privileges, whether or not the calling user could read the file... for example /etc/shadow, whose first line is normally root's password entry.
  
exploit: autorun -c /etc/shadow   
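An added example, not code from the advisory or from Xandros (the autorun source is not reproduced on this page): a minimal setuid helper in C that takes -c FILE and prints that file's first line. It shows the vulnerable pattern described above (the open happens with the effective uid, so when the binary is setuid root any file's first line leaks) next to a hardened reader that switches to the caller's real uid/gid around the open, so the kernel applies the caller's permissions. The demo file path, its contents and the -C flag that selects the unsafe reader are this example's own conventions, not the real binary's.

```c
/* Added example, not the Xandros autorun source: a "-c FILE" helper in its
 * vulnerable form and in a hardened form. Paths, flags and sample data are
 * assumptions made for the demonstration. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define LINE_MAX_LEN 256

/* Vulnerable pattern: the file is opened with the effective uid (root when the
 * binary is setuid root), so any path the caller names is readable, and the
 * first line is echoed back. This is the leak "autorun -c /etc/shadow" uses. */
int read_first_line_unsafe(const char *path, char *out, size_t outlen)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (fgets(out, (int)outlen, f) == NULL) {
        fclose(f);
        out[0] = '\0';
        return -1;
    }
    fclose(f);
    out[strcspn(out, "\n")] = '\0';   /* strip the trailing newline */
    return 0;
}

/* Hardened pattern: temporarily become the real (invoking) user for the open,
 * so the kernel checks that user's permissions on the path, then restore the
 * saved privileges. An access() check before fopen() would be racy (TOCTOU);
 * changing identity around the open is not. */
int read_first_line_as_caller(const char *path, char *out, size_t outlen)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();
    int rc;

    /* Drop the group first: once the effective uid is non-root, setegid() fails. */
    if (setegid(rgid) != 0)
        return -1;
    if (seteuid(ruid) != 0) {
        (void)setegid(egid);
        return -1;
    }
    rc = read_first_line_unsafe(path, out, outlen);   /* runs as the caller */
    /* Regain privilege only after the file handle has been closed. */
    if (seteuid(euid) != 0 || setegid(egid) != 0)
        return -1;
    return rc;
}

/* Constructed sample input so the example runs offline: a two-line file that
 * stands in for the attacker-named target. Path and contents are assumptions. */
#define DEMO_PATH "./xandros_autorun_demo.txt"

const char *demo_first_line(void)
{
    static char line[LINE_MAX_LEN];
    FILE *f = fopen(DEMO_PATH, "w");
    if (f == NULL)
        return NULL;
    fputs("first-line-only-this-should-leak\nsecond line is never shown\n", f);
    fclose(f);
    if (read_first_line_as_caller(DEMO_PATH, line, sizeof line) != 0)
        return NULL;
    return line;
}

/* A path that does not exist: both readers report failure. */
int demo_missing_file(void)
{
    char line[LINE_MAX_LEN];
    return read_first_line_as_caller("./no-such-file-xandros-demo", line, sizeof line);
}

/* Stand-alone use mirrors the advisory's command line. "-c FILE" uses the
 * hardened reader; "-C FILE" (this example's own flag) uses the unsafe one. */
int main(int argc, char **argv)
{
    char line[LINE_MAX_LEN];
    if (argc == 3 && strcmp(argv[1], "-c") == 0) {
        if (read_first_line_as_caller(argv[2], line, sizeof line) == 0)
            printf("%s\n", line);
        else
            perror(argv[2]);
        return 0;
    }
    if (argc == 3 && strcmp(argv[1], "-C") == 0) {
        if (read_first_line_unsafe(argv[2], line, sizeof line) == 0)
            printf("%s\n", line);
        else
            perror(argv[2]);
        return 0;
    }
    const char *first = demo_first_line();
    printf("%s\n", first ? first : "(demo failed)");
    return 0;
}
```

To see the difference the advisory describes, compile this, make the binary setuid root (chown root and chmod 4755 on a scratch machine), and run it as an unprivileged user: "-C /etc/shadow" prints root's entry, while "-c /etc/shadow" fails with a permission error because the open is performed with the caller's real uid.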
  
Here is part of the response from the developer regarding only this issue... I have just informed them of 6 others that I am aware of.
  
---------- Author or Developers response ----------------   
  
I have fixed the bug in autorun. There will be a new package posted   
for Xandros Desktop Beta 2. A fix for Beta 1 will not be provided as we   
are not supporting older beta releases in any way. Lindows.com has been   
notified as well, but we have yet to hear back from them.   
  
As soon as our QA department gives us the green light, a notice will be   
posted to the beta newsgroups and the new package will be posted on the   
ftp site.   
---------------------------------------------------------   
  
http://www.snosoft.com   
-KF   