Corel Linux buildxconf存在漏洞。本地用户借助-x 或 -f参数可以修改或修改任意文件。
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org. Removal of the setuid bit from this binary will remove the problem: chmod -s /sbin/buildxconfig
Several vulnerabilities exist in the buildxconfig program, as included with Corel Linux 1.0. Using this program, it is likely that a local user could elevate privileges.
By failing to check input to the -f and -x flags, it is possible for an attacker to append to existing files, or create files that previously didn't exist. Using the -f argument, and supplying a filename that does exist, it is possible to append information to a file. Using the -x argument, and a file that does exist, it is possible toreplace the first line of any file with the path to the X server selected. Finally, if either flag is passed the name of a file that does not exist, it will create it, with read, write and execute permission available for all users on the system.
Method 1: buildxconfig -f /etc/shadow
Method 2: buildxconfig -x /etc/passwd
buildxconfig -x /.rhosts
echo "+ +" > /.rhosts