oss-sec mailing list archives

CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop


From: Hacker Fantastic <hackerfantastic () riseup net>
Date: Fri, 09 Jan 2015 12:04:47 +0000

Hi All,
Red Star OS 3.0 desktop & 2.0 desktop ship with local privilege
escalation vulnerabilities due to insecure file permissions on
configuration and script files executed with root privileges.

Red Star 3.0 desktop ships with a world-writeable udev rules
"/etc/udev/rules.d/85-hplj10xx.rules" which can be modified to include
"RUN+=" arguments executing commands as root by udev.d. An example of
exploitation of this vulnerability can be seen here
https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png

Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit"
which can be abused to execute commands on boot. An example exploitation
of this vulnerability is shown here
https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png

A local attacker can leverage these vulnerabilities to elevate
privileges to root and compromise Red Star platforms.

Please can CVE numbers be assigned for these flaws.

Regards,
Matthew
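
An audit for the permission flaw reported above, as an added example that is not part of the original post or of Red Star OS: it lists world-writable files and directories under paths that root executes or parses, and shows any RUN directives already present in world-writable udev rules files so they can be reviewed. The function names are hypothetical; the two paths in the usage comment are the ones named in the report.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: sh audit.sh /etc/udev/rules.d /etc/rc.d/rc.sysinit

# Print every regular file or directory under the given paths whose
# "other" write bit is set (find's -perm -0002), one path per line.
world_writable() {
    for target in "$@"; do
        [ -e "$target" ] || continue
        find "$target" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null || true
    done
}

# For each world-writable *.rules file under $1, print the RUN directives
# it currently contains as "file:line:text". Any local user could have
# written these lines, so each one needs review before the mode is fixed.
suspect_udev_runs() {
    world_writable "$1" | while IFS= read -r f; do
        case "$f" in
            *.rules)
                if [ -f "$f" ]; then
                    # /dev/null as a second operand forces the file name prefix.
                    grep -En 'RUN(\{[a-z]+\})?\+=' "$f" /dev/null || true
                fi
                ;;
        esac
    done
}

# Report findings with owner and mode; return 1 if anything was found.
audit() {
    hits=$(world_writable "$@")
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r p; do
        ls -ld "$p"
    done
    return 1
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

A non-zero exit status means at least one path needs its mode corrected (for example `chmod o-w`) after its contents have been checked against a known-good copy.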

