[Previo por Fecha] [Siguiente por Fecha] [Previo por Hilo] [Siguiente por Hilo]
[Hilos de Discusión] [Fecha] [Tema] [Autor]Serious Bug in Corel Linux.(Local root exploit) Corel Linux comes with a program called "Corel Update" to manage the ".deb" files. This X oriented program is setuid root. The program is "get_it" and it's located in the /usr/X11R6/bin directory. If you can run it, it's easy to get root privileges in your system. It copies two files to the temp directory, taking no care to verify how. In fact, it calls the "cp" program WITHOUT THE WHOLE PATH!! The only thing you have to do to hack root, is to change your PATH to execute your personal copy of the program. --------------------------------------------------------------------- Lista de soporte de LinuxPPP Reglas de la lista en http://pepe.net.mx/reglas.html