Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 09 Jan 2015 12:04:47 +0000
From: Hacker Fantastic <hackerfantastic@...eup.net>
To: oss-security@...ts.openwall.com
Subject: CVE request: local privilege escalation flaws in Red Star OS 3.0
 & 2.0 desktop

Hi All,
        Red Star OS 3.0 desktop & 2.0 desktop ship with local privilege
escalation vulnerabilities due to insecure files permissions
on configuration and script files executed with root privileges.

Red Star 3.0 desktop ships with a world-writeable udev rules
"/etc/udev/rules.d/85-hplj10xx.rules" which can be
modified to include "RUN+=" arguments executing commands as root by
udev.d. An example of exploitation
of this vulnerability can be seen here
https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png

Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit"
which can be abused to execute commands on
boot. An example exploitation of this vulnerability is shown here
https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png

A local attacker can leverage these vulnerabilities to elevate
privileges to root and compromise Red Star platforms.

Please can CVE numbers be assigned for these flaws.

Regards,
Matthew



[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ