Xandros Desktop OS autorun -c could allow an attacker to view arbitrary files
| xandros-autorun-view-files (9211) |  Medium Risk |
Description:
Xandros Desktop OS could allow a local attacker to view arbitrary files on the system, caused by a vulnerability in the autorun program. A local attacker could use the autorun -c option to view arbitrary files on the system, including portions of restricted files.
Consequences:
Obtain Information
Remedy:
No remedy available as of May 1, 2013.
References:
- BugTraq Mailing List, Tue May 28 2002 - 05:37:28 CDT: Xandros based linux autorun -c.
- Xandros Web site: Welcome to Xandros.
- BID-4884: Autorun Arbitrary File Read Vulnerability
- CVE-2002-0915: autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.
- OSVDB ID: 14458: Xandros Desktop OS autorun -c Parameter Arbitrary File Segment Access
Platforms Affected:
- Xandros Corporation Xandros Desktop OS 1.0
Reported:
May 28, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this