Re: Corel Linux Default Install

[suid () SUID KG (suid () SUID KG)]

It gets worse.

> > Upon it's release (April) I ordered the minimum Corel Linux.
> >
> > It's install is great for Windows users, and if they get theiur hands on
> it
> > they can get to Netscape on the web in 27 minutes.
> >
> > If they accept the defaults, they also have a blank root password and
> > telnet server enabled.

You'll also notice that by default the system owner username you enter
makes up the default hostname. So telnet to a user running Corel Linux 1.1,
the login banner appears with the hostname such as:

suid57 login:

In this case system owner username is "suid".

If the user chooses to login as root and never access this account they
are not forced to set a password. It remains passwordless.

Once on the system the 2 exploits i discovered in Corel Linux 1.0 way
back in Feburary 2000 still work. I posted these to bugtraq, corel and
my own website. No response from Corel.

www.suid.kg/advisories/ for these.

Looks to me like Corel arent listening or dont care, perhaps both.

suid () suid kg