Bugtraq mailing list archives
Re: Corel Linux 1.0 dosemu default configuration: Local root vuln
From: neldredge () HMC EDU (Nate Eldredge)
Date: Sun, 5 Mar 2000 14:13:45 -0800
I note that this has been added to the Vulnerabilities Database on www.securityfocus.org (#1030) with the following solution:
The system.com program should be removed from the dosemu hierarchy.
I don't think this is adequate. system.com is a fairly short file (300 bytes), and if a user has any way to create files inside the dosemu hierarchy (as they probably do, because otherwise dosemu is of limited value), they can easily re-create it.

Correct fixes, such as setting secure mode in the configuration files, are listed at http://www.dosemu.org/docs/README/0.98/README-3.html, the URL referenced before.

(Note that I haven't tested this, as I can't reproduce the vulnerability with my current dosemu configuration.)

--
Nate Eldredge
neldredge () hmc edu