COMMAND

	Xandros autorun permit local protected file reading

SYSTEMS AFFECTED

	Xandros Desktop beta 1 & 2

PROBLEM

	KF from snowsoft [http://www.snowsoft.com]  reported  following  bug  on
	Xandros, a new Debian based distribution [http://www.xandros.com/].
	

	There is a bug in the autorun setuid binary. If this  binary  is  called
	with the command line argument -c and any file  name  you  are  able  to
	read the first line of that file... for example /etc/shadow.
	

	 Exploit 

	 =======

	

	

	autorun -c /etc/shadow 

	

SOLUTION

	Patch should be released for beta 2