UnitedLinux 1.0 ships with /usr/src/packages recursively set with full read, write, and execute permissions which makes way for planting of rogue source, ultimately leading to a full system compromise.
I. BACKGROUND
According to the vendor "UnitedLinux addresses enterprise customers'
needs for a high quality, low cost, standards-based Linux environment
that enables the widespread adoption of Linux."
II. DESCRIPTION
The directories below /usr/src/packages/ ship with the following permissions:
drwxrwxrwt, which makes them writable by all local users.
III. ANALYSIS
This allows any local user to plant rogue source under the package build tree,
ultimately leading to a full system compromise.
IV. DETECTION
UnitedLinux 1.0 (i586) beta3 is found to be vulnerable.
V. WORKAROUND
Change the permissions on /usr/src/packages/* and below to something more suitable.
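The following shell script is an added example, not part of the original advisory: it audits a directory tree for world-writable directories (the drwxrwxrwt condition described above) and applies the workaround by tightening them. The mode 755 chosen by harden_tree and the subdirectory names used in the demo tree are assumptions; the advisory only says "something more suitable".

```shell
#!/bin/sh
# Added example (not from the advisory): find and fix world-writable
# directories such as those shipped under /usr/src/packages.
# Uses only POSIX find/chmod; -perm -002 matches the "other" write bit.

# world_writable_dirs DIR
# Print every directory under DIR (DIR itself included) writable by "other".
world_writable_dirs() {
    find "$1" -type d -perm -002 2>/dev/null
}

# count_world_writable DIR
# Return the number of such directories (as a plain integer on stdout).
count_world_writable() {
    world_writable_dirs "$1" | wc -l | tr -d ' '
}

# harden_tree DIR
# Apply the workaround: drop group/other write (and the sticky bit) from every
# directory under DIR. Mode 755 is an assumption; adjust to site policy.
harden_tree() {
    find "$1" -type d -exec chmod 755 {} +
}

# make_demo_tree
# Build a constructed look-alike of the vulnerable tree in a temp directory,
# with the advisory's drwxrwxrwt (1777) mode, and print the temp root.
# The subdirectory names are assumed, not taken from the advisory.
make_demo_tree() {
    root=$(mktemp -d)
    for sub in BUILD RPMS SOURCES SPECS SRPMS; do
        mkdir -p "$root/packages/$sub"
        chmod 1777 "$root/packages/$sub"
    done
    chmod 1777 "$root/packages"
    printf '%s\n' "$root"
}

# When AUDIT_DIR is set (e.g. AUDIT_DIR=/usr/src/packages sh audit.sh),
# list the offending directories; otherwise only define the functions.
if [ -n "${AUDIT_DIR:-}" ]; then
    world_writable_dirs "$AUDIT_DIR"
fi
```

Run the audit first and review the list before hardening; a deployed tree may legitimately rely on a shared build directory for a dedicated build user, in which case a group-writable mode with a restricted group is the better fix than 755.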
VI. VENDOR FIX
unknown
VII. CVE INFORMATION
unknown
VIII. DISCLOSURE TIMELINE
unknown
IX. CREDIT
Knud Erik Højgaard/kokanin[a]dtors.net