Vulners
Lucene search
Corel Linux OS 1.0 buildxconfig Vulnerabilities
source: http://www.securityfocus.com/bid/1007/info
Several vulnerabilities exist in the buildxconfig program, as included with Corel Linux 1.0. Using this program, it is likely that a local user could elevate privileges.
By failing to check input to the -f and -x flags, it is possible for an attacker to append to existing files, or create files that previously didn't exist. Using the -f argument, and supplying a filename that does exist, it is possible to append information to a file. Using the -x argument, and a file that does exist, it is possible toreplace the first line of any file with the path to the X server selected. Finally, if either flag is passed the name of a file that does not exist, it will create it, with read, write and execute permission available for all users on the system.
Method 1: buildxconfig -f /etc/shadow
Method 2: buildxconfig -x /etc/passwd
Method 3:
umask 0
buildxconfig -x /.rhosts
echo "+ +" > /.rhosts
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1