COMMAND

    lilo

SYSTEMS AFFECTED

    Linux

PROBLEM

    Juergen Schmidt posted the following. While Linux/LILO is not
    vulnerable to the "boot-modified-kernel-attack" described in the BSD
    section, it should be noted that gaining root on a Linux box via
    the LILO boot prompt is even easier: you don't even need a modified
    kernel. Giving init=/bin/sh as a boot parameter invokes the
    shell instead of init. After executing the necessary init scripts
    manually, you have full root access to the machine.

SOLUTION

    To avoid this, you should add "RESTRICTED" and set a password in
    your lilo.conf; the password is then required to set any boot
    options. Don't forget to make /etc/lilo.conf readable only by root,
    since it contains the password in clear text.
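
    One way to check a lilo.conf against the advice above. This is an
    added example, not part of the original advisory; the function name
    and the sample file contents are constructed, and keywords are matched
    case-insensitively because the advisory writes RESTRICTED in capitals.

```shell
#!/bin/sh
# Added example: audit a lilo.conf for a boot password, the "restricted"
# keyword, and file permissions that keep the clear-text password private.
# audit_lilo_conf FILE -> returns the number of problems (0 = OK, 9 = unreadable)
audit_lilo_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 9; }

    # Strip comments so a commented-out keyword does not count as present.
    active=$(sed 's/#.*//' "$conf")
    if ! printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*password[[:space:]]*='; then
        echo "$conf: no password= line"; problems=$((problems + 1))
    fi
    if ! printf '%s\n' "$active" | grep -Eiq '^[[:space:]]*restricted[[:space:]]*$'; then
        echo "$conf: no restricted keyword"; problems=$((problems + 1))
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$conf" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$conf: accessible to group/other ($mode)"; problems=$((problems + 1))
    fi
    return $problems
}

# Constructed sample: no password, no restricted, world-readable.
sample=$(mktemp)
printf 'boot=/dev/sda\nprompt\nimage=/boot/vmlinuz\n  label=linux\n' > "$sample"
chmod 644 "$sample"
audit_lilo_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```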