Vulnerability Development mailing list archives
Re: Lindows Issues
From: KF <dotslash () snosoft com>
Date: Thu, 18 Jul 2002 13:22:22 -0400
I am a paying customer and unfortunately if you read their agreements I may be violating their wishes by publishing info like that. I may also lose my right to be a Lindows insider. This is also why the info that I have released I stressed the Xandros side of things and was not directly referencing Lindows. The Xandros authors are quite quick to respond and in fact told me that they also notified Lindows of the issues and received no response (several months ago). I did release a little advisory a while back... http://online.securityfocus.com/archive/1/274649
=]
-KF

H C wrote:

KF,

Instead of saying that Lindows "SUCKS" w/ regards to security responses, why don't you simply follow the widely accepted vulnerability disclosure "methodology" and write up an advisory?

--- KF <dotslash () snosoft com> wrote:

Yes... we found about 7 or 8 suids to be exploitable in the default config (local only so not any real threat... I don't believe it's supposed to be multi-user really)... they were reported to Lindows.com. Lindows is based on Xandros linux so you may find that auditing Xandros will reveal a lot about Lindows. They (Lindows) SUCK on security type responses is all I know ... they NEVER really got back to me. They marked my case as "Solved" after they replied "we will get back with you shortly" for the 2nd time.

*Response (Evan)* 06/17/2002 10:15 AM
Thank you for the email. We are working on this and will get back with you shortly.

*Customer (Kevin Finisterre)* 06/17/2002 10:15 AM
I forwarded several security issues on to your staff and only received one reply... what is the status of these issues?
*Question Reference #020526-000013*
-KF

*Question Reference #020617-000051*
*Contact Information:* dotslash () snosoft com
*Date Created:* 06/17/2002 10:15 AM
*Last Updated:* 06/24/2002 04:08 PM
*Status:* Solved

elguapo25:/home/elguapo# uname -a
Linux elguapo25 2.2.16 #1 Tue Jul 18 16:07:55 EDT 2000 i686 unknown
elguapo25:/home/elguapo# cat /etc/issue
Corel LINUX 1.2 (\l)
elguapo25:/home/elguapo# cat /etc/motd
Linux elguapo25 2.2.16 #1 Tue Jul 18 16:07:55 EDT 2000 i686 unknown

Copyright (C) 1993-1999 Software in the Public Interest, and others

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

elguapo25:~# /usr/games/xsok -xsokdir `perl -e 'print "A" x 9000'`
Segmentation fault
elguapo25:~# /usr/games/purity `perl -e 'print "A" x 9000'`
Segmentation fault
elguapo25:~# /usr/games/xgalaga -level `perl -e 'print "1" x 9000'`
xgal.sndsrv: Couldn't open DSP /dev/dsp
xgal.sndsrv: Sound not available
Segmentation fault
elguapo25:~# /usr/games/xpat2 -xpmdir `perl -e 'print "A" x 9000'`
FAILED to open keyboard file "/usr/lib/games/xpat/C/keys"
Segmentation fault
elguapo25:~# /usr/sbin/exim -C `perl -e 'print "A" x 9000'`
Segmentation fault
elguapo25:~# export TZ=`perl -e 'print "A" x 9000'`
elguapo25:~# /usr/X11R6/bin/kcmclock
Segmentation fault

-KF

sec daddy wrote:

Has anyone done research on the security of Lindows? There appear to be application level exploits with MS programs that run on Lindows, consistent with Windows. I'm more curious about O/S level exploits.
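A crash on an oversized argument only crosses a privilege boundary where the binary runs setuid or setgid, so a first triage step is to check the privilege bits on the binaries named in the session above. This is an added example, not part of the original post; `ROOT`, `priv_state` and `audit_reported` are hypothetical names, and the path list is copied from the post.

```shell
#!/bin/sh
# Added example: report which of the binaries named in the post carry
# setuid/setgid bits. The optional ROOT argument is a hypothetical parameter
# so an unpacked image or chroot can be audited instead of the live system.

# Paths copied from the terminal session quoted in the post.
REPORTED_BINARIES="/usr/games/xsok
/usr/games/purity
/usr/games/xgalaga
/usr/games/xpat2
/usr/sbin/exim
/usr/X11R6/bin/kcmclock"

# Print "setuid", "setgid", "setuid+setgid", "plain" or "missing" for one file.
priv_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return; }
    state=""
    [ -u "$f" ] && state="setuid"
    [ -g "$f" ] && state="${state:+$state+}setgid"
    echo "${state:-plain}"
}

# Print one "state<TAB>owner:group<TAB>path" line per reported binary.
# Returns 0 only if none of them is setuid or setgid under ROOT.
audit_reported() {
    root=${1:-}
    rc=0
    for p in $REPORTED_BINARIES; do
        s=$(priv_state "$root$p")
        case $s in
            missing|plain)
                owner="-" ;;
            *)
                rc=1
                owner=$(ls -ld "$root$p" | awk '{print $3 ":" $4}') ;;
        esac
        printf '%s\t%s\t%s\n' "$s" "$owner" "$p"
    done
    return $rc
}
```

Call `audit_reported` with no argument to check the running system, or with a directory to check an extracted image.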