Vendor: Red Star OS
By: Richard G
CVSS: 7.2 (HIGH)
Privilege Escalation
CWE: 264
Product Name: Red Star OS
Affected Version From: Red Star OS 3.0
Affected Version To: Red Star OS 3.0
Patch Exists: NO
Related CWE: N/A
CPE: o:redstar:red_star_os:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015

Red Star OS 3.0 Root Privilege Escalation Vulnerability

Red Star OS 3.0 contains a privilege escalation vulnerability: the Software Manager (swmng.app) runs as root through sudo and installs any RPM package, even an unsigned one. An attacker can get root access by downloading a malicious RPM package, double-clicking it to open it with the Software Manager, and clicking through the blue buttons until it’s done. After that, running rootsh gives the attacker a root shell. SELinux can be disabled by running setenforce 0 as root.

Mitigation:

Disable the Software Manager (swmng.app) or restrict access to it.
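
A pre-install gate for the weakness described above, as an added example (not code from the original advisory or from Red Star OS): it parses an RPM's signature header and refuses packages that carry no RSA, DSA, PGP or GPG signature tag. The function names and the sample packages are constructed for illustration; the tag numbers come from rpm's own tag definitions.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"    # first 4 bytes of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # magic + version of a header structure
# Signature-header tags that hold a cryptographic signature (rpm tag numbers).
SIGNATURE_TAGS = {267: "DSA (header)", 268: "RSA (header)",
                  1002: "PGP (header+payload)", 1005: "GPG (header+payload)"}

def signature_tags(rpm_bytes):
    """Return the names of signature tags found in the RPM signature header."""
    if len(rpm_bytes) < 112 or rpm_bytes[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM package (bad lead)")
    if rpm_bytes[96:100] != HEADER_MAGIC:
        raise ValueError("signature header missing or corrupt")
    # Bytes 100..104 are reserved; then index-entry count and data-store size.
    n_index, data_size = struct.unpack(">II", rpm_bytes[104:112])
    end = 112 + 16 * n_index
    if end + data_size > len(rpm_bytes):
        raise ValueError("truncated signature header")
    found = []
    for off in range(112, end, 16):
        # Each index entry is (tag, type, offset, count), big-endian.
        tag, _type, _offset, _count = struct.unpack(">IIII", rpm_bytes[off:off + 16])
        if tag in SIGNATURE_TAGS:
            found.append(SIGNATURE_TAGS[tag])
    return found

def may_install(rpm_bytes):
    """Policy gate: reject packages with no signature at all.
    Presence is not validity; a real installer must also verify the
    signature against trusted keys (for example with `rpm -K`)."""
    return bool(signature_tags(rpm_bytes))

def _constructed_rpm(tags):
    """Build a minimal lead + signature header (constructed sample, not a real package)."""
    lead = LEAD_MAGIC + bytes(92)
    index = b"".join(struct.pack(">IIII", t, 7, 0, 16) for t in tags)
    header = HEADER_MAGIC + bytes(4) + struct.pack(">II", len(tags), 16)
    return lead + header + index + bytes(16)

if __name__ == "__main__":
    # 1000 = size, 1004 = MD5 digest, 269 = SHA1 digest: digests only, no signature.
    samples = {"unsigned": _constructed_rpm([1000, 1004, 269]),
               "signed": _constructed_rpm([1000, 1004, 269, 268])}
    for name, blob in samples.items():
        print(name, signature_tags(blob), "install allowed:", may_install(blob))
```
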

Exploit-DB raw data:

The root user is disabled on Red Star, and it doesn't look like there is a way to enable it. 
Unfortunately, they left a big security hole: the Software Manager (swmng.app),
which runs as root through sudo and will install any RPM package, even if unsigned.

To get root, get this RPM package I made into Red Star through an ISO (if you're using a virtual machine) or USB key,
double-click it to open it with the Software Manager, and click through the blue buttons until it’s done.
After that, run rootsh to get a root shell. 
Being a RedHat-based system (hinting on Fedora 15), SELinux will prevent you from doing some things, 
but disabling it is a matter of running setenforce 0 as root.


Download: https://mega.co.nz/#!jgBT0RxZ!LQDEBBrbGxE6fag4d_A2C2cWj2PSNR_ZvnSW_UjRD5E
Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35749.rpm (redstarroot.rpm)


## Source: http://richardg867.wordpress.com/2015/01/01/notes-on-red-star-os-3-0/ & http://www.openwall.com/lists/oss-security/2015/01/09/1