http://www.securitytracker.com/alert...l/1007142.html

KNOPPIX CD Default Configuration May Let Local Users Grab Root Privileges
SecurityTracker Alert ID: 1007142
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jul 9 2003
Impact: Modification of system information, Modification of user information, Root access via local system
Exploit Included: Yes
Description: A vulnerability was reported in the default configuration of the KNOPPIX CD. A local user can obtain root privileges.

It is reported that the "knx-hdinstall" default configuration creates unsafe temporary files in the '/tmp/.qt/' directory: 'qt_plugins_3.0rc', and 'qt_plugins_3.0rc.lock'. A local user can create a symbolic link (symlink) from a critical file on the system to one of these temporary files. Then, when a target user logs in, the symlinked file will be overwritten with the privileges of the target user, potentially including the root user.
Impact: A local user can cause a target user to overwrite a file on the system with the privileges of the target user. This can be exploited by a local user to potentially obtain root privileges.

Solution: No solution was available at the time of this entry.
Vendor URL: www.knoppix.org/ (Links to External Site)
Cause: Access control error, State error
Reported By: Hugo "Vazquez" "Carames" <overclocking_a_la_abuela@hotmail.com>
Message History: None.