Jump to content

Oh No, another Linux vulnerability (funny)


skp51443

Recommended Posts

I couldn't resist this one, sure hope you aren't running Red Star Linux as it has some issues. :-)

http://www.theregister.co.uk/2015/01/11/surprise_norks_linux_disto_has_security_vulns/

SURPRISE: Norks Linux disto has security vulns ---- (Nork = North Korean in British slang)
Red Star turns into death star

Well, that didn't take long: mere days after North Korea's Red Star OS leaked to the west in the form of an ISO, security researchers have started exposing its vulnerabilities.

According to this post at Seclists, the udev rules in version 3.0 of the US and the rc.sysint script in version 2.0 are both world-writable. Both of these have root privilege.

Because of the slack file permission management in Red Star 3.0, the device manager for HP 1000-series LaserJet printers, /etc/udev/rules.d/85-hplj10xx.rules, can be modified to include RUN+= arguments. These commands will run on on the udev daemon as root. There's a demonstration at github.


Maybe Sony can get their revenge before a patch comes out? (Too soon?)

First rule of computer consulting:

Sell a customer a Linux computer and you'll eat for a day.

Sell a customer a Windows computer and you'll eat for a lifetime.

Link to comment
Share on other sites

 

Maybe Sony can get their revenge before a patch comes out? (Too soon?)

Maybe they're not as sophisticated as we have been led to believe. I also heard rumors that their "nuclear bomb" was actually a regular bomb wrapped in radioactive material; a "dirty" bomb not a nuclear bomb.

 

WDR

1993 Foretravel U225 with Pacbrake and 5.9 Cummins with Banks

1999 Jeep Wrangler, 4" lift and 33" tires

Raspberry Pi Coach Computer

Ham Radio

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...