Date: Thu, 8 Jan 2015 20:10:18 -0800
From: David Jorm <david.jorm@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: local privilege escalation flaw in Red Star OS 3.0

Hi All

Red Star OS 3.0 (붉은별) ships with the root account disabled. A flaw has been
identified that allows a local user to jailbreak the environment and gain
root access. As noted here:
http://richardg867.wordpress.com/2015/01/01/notes-on-red-star-os-3-0/

"The root user is disabled on Red Star, and it doesn’t look like there is a
way to enable it. Fortunately, they left a big security hole: the Software
Manager (swmng.app), which runs as root through sudo and will install any
RPM package, even if unsigned."

Please assign a CVE ID to this issue.

Thanks

David
