Date: Fri, 09 Jan 2015 12:04:47 +0000 From: Hacker Fantastic <hackerfantastic@...eup.net> To: oss-security@...ts.openwall.com Subject: CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop Hi All, Red Star OS 3.0 desktop & 2.0 desktop ship with local privilege escalation vulnerabilities due to insecure files permissions on configuration and script files executed with root privileges. Red Star 3.0 desktop ships with a world-writeable udev rules "/etc/udev/rules.d/85-hplj10xx.rules" which can be modified to include "RUN+=" arguments executing commands as root by udev.d. An example of exploitation of this vulnerability can be seen here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png A local attacker can leverage these vulnerabilities to elevate privileges to root and compromise Red Star platforms. Please can CVE numbers be assigned for these flaws. Regards, Matthew Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ