33 matches found
EUVD-2000-0048
Malware in sbrugna...
EUVD-2000-0192
Malware in sbrugna...
EUVD-2000-0193
Malware in sbrugna...
EUVD-2000-0194
Malware in sbrugna...
Corel Linux OS 1.0 buildxconfig Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/1007/info Several vulnerabilities exist in the buildxconfig program, as included with Corel Linux 1.0. Using this program, it is likely that a local user could elevate privileges. By failing to check input to the -f and -...
Corel Linux OS 1.0 get_it PATH Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/928/info A component of the Corel Update utility distributed with Corel's Linux OS is vulnerable to a local PATH vulnerability. The binary getit, which is stored in /usr/X11R6/bin, is setuid root installed by default on a...
Corel Linux OS 1.0 setxconf Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1008/info A vulnerability exists in the setxconf utility, as shipped with Corel Linux 1.0. The -T option to setxconf will run xinit, which euid root. xinit, when executed, will invoke the contents on /.xserverrc. A...
Corel Linux OS 1.0 Dosemu Distribution Configuration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1030/info A vulnerability exists in the configuration of Dosemu, the DOS emulator, as shipped with Corel Linux 1.0. Dosemu documentation cautions that the system.com binary should not be made available to users, as it...
Corel Linux dosemu缺省配置错误漏洞
Core Linux 1.0所带的DOSEMU中有个缺省的配置错误,这可能被本地用户利用以root权限来 执行任意命令。这个问题在于任何运行了dosemu进入DOS仿真模式的用户都被允许执行 system.com命令,这个命令将执行libc库函数system,并没有完全放弃root特权,所以攻击 者可能利用这个漏洞执行任何命令(以root身份 Dosemu + Core Linux 1.0 禁止用户执行system.com nebula:$ id uid=1000suid gid=1000suid groups=1000suid nebula:$ cat hack-corel...
Corel Linux 1.0 xconf工具存在多个安全漏洞
Corel Linux中的xconf工具中缺乏对用户输入的有效检查,并且没有正确放弃特权。因此本 地用户可以利用这些漏洞获得root权限,或者导致拒绝服务攻击。 1 将XF86Config的一些数据添加到系统中的任意文件中去。 /sbin/buildxconf没有检查用户输入的数据,并且被设置了setuid root位。当用"-f" 参数执行它时,用户可以将输出存储到一个指定文件,比如/etc/shadow 2 用一些垃圾数据替换掉任何存在文件的第一行 当用"-x"参数执行buildxconf程序时,它将用X server的路径/文件名替代掉指定文件的第...
Corel Linux get_it 路径漏洞
随Corel's Linux OS发布的"Corel Update" 的一个组件程序存在本地路径漏洞。保存在/usr/X11R6/bin中的二进制文件"getit"缺省安装时是一个setuid root文件它是.deb包安装/升级程序的一部分)。getit在它调用'cp'时(没有使用全路径依赖路径来确定有效性,这就造成了通过改变第一搜索路径可以让一个任意的程序调用'cp')来继承root权限。其后果是可以获得本地root权限。 Corel Linux OS 1.0 暂无 by Cesar Tascon Alvarez [email protected] regarding this...
CVE-2000-0048
getit program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program...
CVE-2000-0048
The CVE-2000-0048 entry involves the get_it program in Corel Linux Update. The vulnerability arises from insufficient validation of a user-supplied PATH, allowing local users to influence which cp binary is executed, leading to local root privilege escalation. Impact is described as local root ac...
CVE-2000-0193
The CVE-2000-0193 entry describes a local privilege escalation in Dosemu on Corel Linux 1.0 due to the default configuration, which allows local users to execute the system.com program and gain privileges. Root cause: default config enabling system.com execution. Impact: local users gain privileg...
CVE-2000-0193
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges...
CVE-2000-0195
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file...
CVE-2000-0195
Corel Linux setxconf is vulnerable when invoked with the -T parameter, which causes the user’s .xserverrc to be executed and enables local privilege escalation to root. This is a local, unauthenticated issue affecting Corel Linux’s setxconf utility; the provided documents do not specify affected ...
Linux news 15.04.00
Corel выпустит Linux-версии CorelDraw и PhotoPaint раньше, чем планировалось Компания Corel активизировала разработку ПО для Linux и сообщила, что Linux-версии ее графических пакетов CorelDraw и PhotoPaint будут выпущены уже в июне, на два месяца раньше, чем ожидалось. Более того, недавняя покупк...
CVE-2000-0194
The CVE-2000-0194 issue affects Corel Linux, specifically the buildxconf component. Local users can modify or create arbitrary files by supplying -x or -f parameters, indicating an insecure handling of these options. The underlying details (root cause, affected versions, and remediation) are not ...
CVE-2000-0194
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters...