[Original text] autorun in Xandros-based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.
Harald Hoyer autorun 2.7
+ Xandros Corel Linux OS 1.2
Vulnerability discussion
Autorun is a setuid binary that is part of Xandros-based Linux distributions.
A vulnerability exists in the versions of autorun included in Xandros-based Linux. Reportedly, it is possible to view files on a vulnerable system by specifying a filename as the argument to the -c option. The file is read with effective root privileges, so an attacker may exploit this vulnerability to view some of the contents of restricted files.
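One way a setuid helper can avoid this class of bug, shown as an added example (not autorun's source and not the vendor's fix): read the user-named file under the invoking user's real uid/gid, so the kernel enforces that user's permissions. The function name first_line_as_invoker is hypothetical.

```c
/* Added example: hypothetical helper, not autorun's source or the vendor's fix. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the first line of a caller-named file with the invoking user's
 * real uid/gid instead of the setuid (effective) identity.
 * Returns 0 on success, -1 on failure; the trailing newline is stripped. */
int first_line_as_invoker(const char *path, char *out, size_t outlen)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    FILE *fp;
    int rc = -1;

    if (path == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* Drop the group first: once euid is unprivileged, setegid may be refused. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) {
        int ignored = setegid(saved_egid); /* undo a partial drop, fail anyway */
        (void)ignored;
        return -1;
    }
    /* The kernel now checks the file against the invoking user's permissions. */
    fp = fopen(path, "r");
    if (fp != NULL) {
        if (fgets(out, (int)outlen, fp) != NULL) {
            out[strcspn(out, "\n")] = '\0';
            rc = 0;
        }
        fclose(fp);
    }
    /* Regain the saved identity (user first, then group) for later privileged work. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        return -1;
    return rc;
}

int main(int argc, char **argv)
{
    char line[256];
    if (argc != 2 || first_line_as_invoker(argv[1], line, sizeof line) != 0)
        return 1;
    puts(line);
    return 0;
}
```

When the binary is installed setuid root and run by an ordinary user, a path that user cannot read makes fopen() fail and the function returns -1 instead of printing the file's first line.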
Exploit
There is no exploit code required.
Solution
The vendor has confirmed the vulnerability and has a new version available. The newer version of the affected product will be included in later releases of Xandros Linux.