Bugtraq mailing list archives

Re: Corel Linux 1.0 dosemu default configuration: Local root vuln
From: neldredge () HMC EDU (Nate Eldredge)
Date: Sun, 5 Mar 2000 14:13:45 -0800

I note that this has been added to the Vulnerabilities Database on
www.securityfocus.org (#1030) with the following solution:

The system.com program should be removed from the dosemu hierarchy.

I don't think this is adequate.  system.com is a fairly short file
(300 bytes), and if a user has any way to create files inside the
dosemu hierarchy (as they probably do, because otherwise dosemu is of
limited value), they can easily re-create it.

Correct fixes are listed at
http://www.dosemu.org/docs/README/0.98/README-3.html , the URL
referenced before.  Such as setting secure mode in the configuration

(Note that I haven't tested this as I can't reproduce the
vulnerability with my current dosemu configuration.)


Nate Eldredge
neldredge () hmc edu
