COMMAND

    install

SYSTEMS AFFECTED

    Corel Linux

PROBLEM

    James Nickson found following.  Upon it's release (April 2000)  he
    ordered  the  minimum  Corel  Linux.   It's  install  is great for
    Windows users, and if they get theiur hands on it they can get  to
    Netscape on the web in 27 minutes.

    If they accept the defaults, they also have a blank root  password
    and telnet server enabled (and if  they have DSL, ...  It  is DDOS
    tra la, tra la, time).

    It also gets the user to  create an account on their machine  when
    doing the install and doesn't ask  for a password.  It does  put a
    open a little dialog box the first (and only the first) time  they
    log in,  but most  users never  read those  boxes they  just click
    cancel.   So there  is probally  alot of  corel installs out there
    that don't have any passwords set.

SOLUTION

    The only thing about corel linux is they use /etc/securetty  which
    prvents root from logging in except on tty1-tty6.