// back

Lycoris Desktop/LX Control Center Insecure File Permissions Vulnerability

10.24.03

BACKGROUND

Lycoris Desktop/LX is an operating system designed with ease of use in
mind. Desktop/LX loads ready for Internet access, office productivity,
multimedia, entertainment, and more.

DESCRIPTION

A locally exploitable vulnerability exists in Lycoris Desktop/LX that
can lead to execution of arbitrary code with elevated privileges. The
vulnerability specifically exists due to insecure world writable file
permissions on the /usr/share/RedmondLinux/HTML/control/ directory. The
directory contains the files used in the Lycoris Control Center
application. An attacker can modify the index.html file to cause users
accessing the Control Center to execute arbitrary code.

-rw-rw-rw-    1 root    users    4712 Apr 21 15:29 index.html

ANALYSIS

A local attacker can leverage the vulnerability to cause privileged
users to execute arbitrary code. The features of the Control Center
commonly require the user to be root to perform the functions available,
increasing the chances for success with this attack.

DETECTION

Lycoris Desktop/LX build 46, installed from cd1_en_binary.iso with
md5sum  2d3e4f7bb050ea0e04ea462d7d46d8f is known to be vulnerable to
this issue. Previous versions are likely susceptible as well.

WORKAROUND

Change the permissions on /usr/share/RedmondLinux/HTML/control/ and the
underlying files to restrict group level access.

CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not
been assigned yet.

DISCLOSURE TIMELINE

09/24/2003   Initial vendor notification
10/24/2003   Public Disclosure

CREDIT

Knud Erik Hojgaard is credited with this discovery.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

LEGAL NOTICES

Copyright © 2004 Verisign, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.