Bugtraq mailing list archives

Re: Corel Linux 1.0 dosemu default configuration: Local root vuln

From: whitvamp () MINDLESS COM (VaMPiRe, WHiTe)
Date: Fri, 3 Mar 2000 02:54:17 -0500


On Thu, Mar 02, 2000 at 04:47:11AM +0000, suid () SUID KG(suid () SUID KG) wrote:
<snip>
: Summary:
: 
:       Local users can take advantage of a packaging and configuration
:       error (which has been known and documented for a long time) to
:       execute arbitrary commands as root.
: 
:       We see from the doc/README/SECURITY file as well as
:       http://www.dosemu.org/docs/README/0.98/README-3.html
:       written in 1997 that this configuration is bad.
<snip>

        Tested default configuration of dosemu on Slackware 7.0, no
vulnerability.

Regards,

-- 
    __      ______   ____
   /  \    /  \   \ /   / WHiTe VaMPiRe\Rem
   \   \/\/   /\   Y   /  whitevampire () mindless com
    \        /  \     /   http://www.projectgamma.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."


<HR NOSHADE>
<UL>
<LI>application/pgp-signature attachment: stored
</UL>

Current thread:

Corel Linux 1.0 dosemu default configuration: Local root vuln suid () SUID KG (Mar 02)
- Re: Corel Linux 1.0 dosemu default configuration: Local root vuln VaMPiRe, WHiTe (Mar 02)
- Re: Corel Linux 1.0 dosemu default configuration: Local root vuln Seth R Arnold (Mar 03)
  - (BisonWare FTP Server V3.5 Roses Labs Security Advisory) is a old reported thing Ussr Labs (Mar 06)
  - Re: Corel Linux 1.0 dosemu default configuration: Local root vuln Michael Meskes (Mar 07)
  - TFN2K Analysis - Update 1.3 Jason Barlow (Mar 07)
- Re: Corel Linux 1.0 dosemu default configuration: Local root vuln Pavel Kankovsky (Mar 04)
- <Possible follow-ups>
- Re: Corel Linux 1.0 dosemu default configuration: Local root vuln Nate Eldredge (Mar 05)