oss-sec mailing list archives
CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop
From: Hacker Fantastic <hackerfantastic () riseup net>
Date: Fri, 09 Jan 2015 12:04:47 +0000
Hi All, Red Star OS 3.0 desktop & 2.0 desktop ship with local privilege escalation vulnerabilities due to insecure files permissions on configuration and script files executed with root privileges. Red Star 3.0 desktop ships with a world-writeable udev rules "/etc/udev/rules.d/85-hplj10xx.rules" which can be modified to include "RUN+=" arguments executing commands as root by udev.d. An example of exploitation of this vulnerability can be seen here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar3.0-localroot.png Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit" which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown here https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png A local attacker can leverage these vulnerabilities to elevate privileges to root and compromise Red Star platforms. Please can CVE numbers be assigned for these flaws. Regards, Matthew
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop Hacker Fantastic (Jan 09)