Date: Fri, 09 Jan 2015 12:04:47 +0000 From: Hacker Fantastic <hackerfantastic@...eup.net> To: oss-security@...ts.openwall.com Subject: CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop Hi All, Red Star OS 3.0 desktop & 2.0 desktop ship with local privilege escalation vulnerabilities due to insecure files permissions on configuration and script files executed with root privileges. Red Star 3.0 desktop ships with a world-writeable udev rules "/etc/udev/rules.d/85-hplj10xx.rules" which can be modified to include "RUN+=" arguments executing commands as root by udev.d. An example of exploitation of this vulnerability can be seen here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png A local attacker can leverage these vulnerabilities to elevate privileges to root and compromise Red Star platforms. Please can CVE numbers be assigned for these flaws. Regards, Matthew [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ