Results 1 to 4 of 4

Thread: KNOPPIX CD Default Install May Let Local Users Grab Root

  1. #1
    Member registered user
    Join Date
    Nov 2002
    Posts
    85

    KNOPPIX CD Default Install May Let Local Users Grab Root

    http://www.securitytracker.com/alert...l/1007142.html

    KNOPPIX CD Default Configuration May Let Local Users Grab Root Privileges
    SecurityTracker Alert ID: 1007142
    CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
    Date: Jul 9 2003
    Impact: Modification of system information, Modification of user information, Root access via local system
    Exploit Included: Yes
    Description: A vulnerability was reported in the default configuration of the KNOPPIX CD. A local user can obtain root privileges.

    It is reported that the "knx-hdinstall" default configuration creates unsafe temporary files in the '/tmp/.qt/' directory: 'qt_plugins_3.0rc', and 'qt_plugins_3.0rc.lock'. A local user can create a symbolic link (symlink) from a critical file on the system to one of these temporary files. Then, when a target user logs in, the symlinked file will be overwritten with the privileges of the target user, potentially including the root user.
    Impact: A local user can cause a target user to overwrite a file on the system with the privileges of the target user. This can be exploited by a local user to potentially obtain root privileges.

    Solution: No solution was available at the time of this entry.
    Vendor URL: www.knoppix.org/ (Links to External Site)
    Cause: Access control error, State error
    Reported By: Hugo "Vazquez" "Carames" <overclocking_a_la_abuela@hotmail.com>
    Message History: None.

  2. #2
    Junior Member
    Join Date
    Jun 2003
    Posts
    9
    as a newby (and a root on a hd installed- Knoppix) What's the sollution to prevent this???

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Posts
    2
    I installed with an older build of 3.2 and have no such directory.

  4. #4
    Senior Member registered user
    Join Date
    Mar 2003
    Location
    Cleveland, OH
    Posts
    228
    The solution is to reboot your pc... all user created files in /tmp will be deleted, even on a hard drive install.

    This is (IMHO) a very LOW risk (but one I want to be aware of regardless). Here's why I would consider this low risk: you need local (hands on) access to install or use knoppix from a cd anyways! When you have physical access, and boot from a knoppix cd, root access is readily available. After you do a hard drive install and reboot, the system security is only going to be as good as your setup guarding against know vulnerabilities.

    My two cents, and worth every penny.

    ~paul

Similar Threads

  1. knoppix 3.3 'default' root passwd???
    By Cerebrus in forum General Support
    Replies: 4
    Last Post: 06-21-2004, 01:49 PM
  2. Stange Login + Default Users
    By jeremymeindl in forum Hdd Install / Debian / Apt
    Replies: 1
    Last Post: 05-29-2004, 01:06 AM
  3. Cannot start X under any users other than root
    By pizarra in forum Hdd Install / Debian / Apt
    Replies: 2
    Last Post: 03-23-2004, 06:01 PM
  4. help Give users root access
    By warpedmind in forum General Support
    Replies: 12
    Last Post: 11-19-2003, 12:10 AM
  5. OpenOffice non Root or Knoppix Users
    By rec9140 in forum General Support
    Replies: 0
    Last Post: 09-19-2003, 07:21 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Juniper Networks EX2300-C-12T Compact 12-Port EX2300-C Series Ethernet Switch picture

Juniper Networks EX2300-C-12T Compact 12-Port EX2300-C Series Ethernet Switch

$300.00



Juniper Networks EX3300 EX3300-48P 48-Port Gigabit PoE+ Switch picture

Juniper Networks EX3300 EX3300-48P 48-Port Gigabit PoE+ Switch

$30.00



Juniper Networks EX2200-C Ethernet Managed Switch w/ Rack Mounts picture

Juniper Networks EX2200-C Ethernet Managed Switch w/ Rack Mounts

$74.99



Juniper SRX300 8-Port Security Services Gateway Appliance picture

Juniper SRX300 8-Port Security Services Gateway Appliance

$99.97



Juniper Networks EX3300 EX3300-48P 48-Port Gigabit PoE+ Switch picture

Juniper Networks EX3300 EX3300-48P 48-Port Gigabit PoE+ Switch

$59.95



Juniper EX3300-48P 48-Port 10/100/1000BASE-T (48 PoE+ ports) with 4 SFP+ picture

Juniper EX3300-48P 48-Port 10/100/1000BASE-T (48 PoE+ ports) with 4 SFP+

$74.00



Juniper Networks EX2200-C-12P-2G Gigabit Ethernet Managed Switch picture

Juniper Networks EX2200-C-12P-2G Gigabit Ethernet Managed Switch

$79.99



Juniper Networks EX2200 EX2200-C-12T-2G 12-Port Gigabit Switch picture

Juniper Networks EX2200 EX2200-C-12T-2G 12-Port Gigabit Switch

$84.95



Juniper Networks SRX220 8-Port Gigabit Services Gateway Security Appliance picture

Juniper Networks SRX220 8-Port Gigabit Services Gateway Security Appliance

$45.00



Juniper EX2200-C-12T-2G Fanless 12-port Ethernet Switch with 2 SFP picture

Juniper EX2200-C-12T-2G Fanless 12-port Ethernet Switch with 2 SFP

$76.13