'Autorun' Utility for Xandros Desktop Linux Beta Discloses a Portion of Any File to Local Users
SecurityTracker Alert ID: 1004397
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 29 2002
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Description: A vulnerability was reported in the 'autorun' utility for the Xandros Desktop Linux system. A local user may be able to view a small portion of text files on the system.
A local user can reportedly call 'autorun' with the '-c' command line switch and a filename as the next argument to read the first line of the specified file.
A demonstration exploit is provided:
autorun -c /etc/shadow
Because autorun is configured with set user id (suid) root privileges, a local user can read the first line of any file on the system.
Impact: A local user can view the first line of any text file on the system.
Solution: The vendor has prepared a fix for Xandros Desktop Beta 2. The fix should be available shortly.
[Editor's note: The beta program appears to be closed, so this should only affect current beta users.]
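One way a setuid-root utility can avoid this class of disclosure, shown as an added example (it is not Xandros code and not the vendor's fix): open the user-supplied file with the invoking user's credentials, so the kernel applies that user's own file permissions. The function names and the sample configuration line used to exercise it are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not Xandros code): open a user-supplied path with the
 * invoking user's credentials. A setuid-root program has effective UID 0, so
 * a plain open() succeeds on files the caller cannot read; switching the
 * effective IDs to the real IDs makes the kernel check the caller's own
 * permissions. Returns a file descriptor, or -1 on failure. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd;

    /* Group first: once the effective UID is not 0, setegid() may fail. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;
    fd = open(path, O_RDONLY | O_CLOEXEC);
    /* Restore in reverse order; fail closed if that is not possible. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    return fd;
}

/* Read the first line of path into buf (newline stripped), as a config
 * parser would. Returns its length, or -1 if the invoker cannot read it. */
int first_line_as_invoker(const char *path, char *buf, size_t len)
{
    int fd;
    FILE *fp;

    if (len == 0 || (fd = open_as_invoker(path)) < 0)
        return -1;
    if ((fp = fdopen(fd, "r")) == NULL) {
        close(fd);
        return -1;
    }
    if (fgets(buf, (int)len, fp) == NULL)
        buf[0] = '\0';
    fclose(fp);
    buf[strcspn(buf, "\n")] = '\0';
    return (int)strlen(buf);
}
```

Installed setuid root and run by an unprivileged user, `first_line_as_invoker("/etc/shadow", ...)` returns -1 because the open is checked against the real UID rather than root.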
Vendor URL: www.xandros.net/desktop.html
Cause: Exception handling error
Underlying OS: Linux (Xandros)
Underlying OS Comments: Xandros Desktop Beta 1
Reported By: KF <dotslash@snosoft.com>
Message History:
None.
Source Message Contents
Date: Tue, 28 May 2002 06:37:28 -0400
From: KF <dotslash@snosoft.com>
Subject: Xandros based linux autorun -c
There is a new Debian based distro called Xandros making its way on to the market. I believe the developers from Corel Linux are on board with Xandros. It has at least one public beta and another on the way and I know of at least one OS that uses it as its backend.
I got a chance to play on a couple of Xandros based distros and came up with a few security issues.
Due to some extremely sketchy wording on disclosure by one of the above mentioned distros I will reference all distros in general as a "Xandros based flavor of linux". I can not verify that the holes are shared in all flavors.
The first issue I am going to disclose is in the setuid autorun binary. If this binary is called with the command line argument -c and any file name you are able to read the first line of that file... for example /etc/shadow.
exploit: autorun -c /etc/shadow
Here is part of the response from the developer regarding only this issue... I just informed them of 6 others that I am aware of.
---------- Author or Developers response ----------------
I have fixed the bug in autorun. There will be a new package posted
for Xandros Desktop Beta 2. A fix for Beta 1 will not be provided as we
are not supporting older beta releases in any way. Lindows.com has been
notified as well, but we have yet to hear back from them.
As soon as our QA department gives us the green light, a notice will be
posted to the beta newsgroups and the new package will be posted on the
ftp site.
---------------------------------------------------------
http://www.snosoft.com
-KF