Bugtraq mailing list archives
Re: Corel Linux Default Install
From: suid () SUID KG (suid () SUID KG)
Date: Thu Jun 1 18:35:47 2000
It gets worse.
Upon it's release (April) I ordered the minimum Corel Linux. It's install is great for Windows users, and if they get theiur hands onitthey can get to Netscape on the web in 27 minutes. If they accept the defaults, they also have a blank root password and telnet server enabled.
You'll also notice that by default the system owner username you enter makes up the default hostname. So telnet to a user running Corel Linux 1.1, the login banner appears with the hostname such as: suid57 login: In this case system owner username is "suid". If the user chooses to login as root and never access this account they are not forced to set a password. It remains passwordless. Once on the system the 2 exploits i discovered in Corel Linux 1.0 way back in Feburary 2000 still work. I posted these to bugtraq, corel and my own website. No response from Corel. www.suid.kg/advisories/ for these. Looks to me like Corel arent listening or dont care, perhaps both. suid () suid kg
Current thread:
- Re: Corel Linux Default Install suid () SUID KG (Jun 01)