Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 8 Jan 2015 20:10:18 -0800
From: David Jorm <>
Subject: CVE request: local privilege escalation flaw in Red Star OS 3.0

Hi All

Red Star OS 3.0 (붉은별) ships with the root account disabled. A flaw has been
identified that allows a local user to jailbreak the environment and gain
root access. As noted here:

"The root user is disabled on Red Star, and it doesn’t look like there is a
way to enable it. Fortunately, they left a big security hole: the Software
Manager (, which runs as root through sudo and will install any
RPM package, even if unsigned."

Please assign a CVE ID to this issue.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ