Leakage of North Korea's Red Star OS and vulnerabilities

A few days after leakage of Red Star OS North Korea to the West, in the form of an ISO, security researchers have begun to expose its vulnerabilities.Red Star OS

According this publication in Seclists, the udev rules in the US 3.0 and the rc.sysint script in 2.0 are both enrollable. Both have the root privilege.

Because of the Red Star 3.0 file permissions management, the HP LaserJet Device Manager (1000 Series) device rules (/etc/udev/rules.d/85-hplj10xx.rules) can be modified to RUN + = arguments . These commands can be executed in the udev daemon as root. There is a presentation at GitHub.

The main task of udev is to monitor the / dev (devices) directory, and when the device is connected to a USB port, it loads the appropriate set of rules.

By registering to the rc.sysint file in the older one Red Star OS 2.0, an attacker can execute commands as root (demonstration).

Both vulnerabilities provide privilege escalation for local users.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.

Download it redstar_desktop3.0_sign.iso

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news