Corel Linux setxconf Vulnerability

A vulnerability exists in the setxconf utility, as shipped with Corel Linux 1.0. The -T option to setxconf will run xinit, which euid root. xinit, when executed, will invoke the contents on ~/.xserverrc. A malicious user could therefore execute commands as root.


 

Privacy Statement
Copyright 2010, SecurityFocus