|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Corel Linux Default Install
From: suid
SUID.KGDate: Thu Jun 01 2000 - 18:35:47 CDT
- Next message: Kit Knox: "[rootshell.com] Windows Media Encoder DoS (MSBD)"
- Previous message: Olaf Kirch: "Re: KDE Vuln"
- Maybe in reply to: j nickson: "Corel Linux Default Install"
- Maybe reply: suidSUID.KG: "Re: Corel Linux Default Install"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It gets worse.
> > Upon it's release (April) I ordered the minimum Corel Linux.
> >
> > It's install is great for Windows users, and if they get theiur hands on
> it
> > they can get to Netscape on the web in 27 minutes.
> >
> > If they accept the defaults, they also have a blank root password and
> > telnet server enabled.
You'll also notice that by default the system owner username you enter
makes up the default hostname. So telnet to a user running Corel Linux 1.1,
the login banner appears with the hostname such as:
suid57 login:
In this case system owner username is "suid".
If the user chooses to login as root and never access this account they
are not forced to set a password. It remains passwordless.
Once on the system the 2 exploits i discovered in Corel Linux 1.0 way
back in Feburary 2000 still work. I posted these to bugtraq, corel and
my own website. No response from Corel.
www.suid.kg/advisories/ for these.
Looks to me like Corel arent listening or dont care, perhaps both.
suidsuid.kg
- Next message: Kit Knox: "[rootshell.com] Windows Media Encoder DoS (MSBD)"
- Previous message: Olaf Kirch: "Re: KDE Vuln"
- Maybe in reply to: j nickson: "Corel Linux Default Install"
- Maybe reply: suidSUID.KG: "Re: Corel Linux Default Install"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]