I. BACKGROUND

According to the vendor, "UnitedLinux addresses enterprise customers' needs for a high quality, low cost, standards-based Linux environment that enables the widespread adoption of Linux."

II. DESCRIPTION

The folders below /usr/src/packages/ ship with the following permissions: drwxrwxrwt, which makes them writable by all users.

III. ANALYSIS

This lets any user plant rogue source in these folders, ultimately leading to a full system compromise.

IV. DETECTION

UnitedLinux 1.0 (i586) beta3 was found to be vulnerable.

V. WORKAROUND

Change the permissions on /usr/src/packages/* and below to something more suitable.

VI. VENDOR FIX

unknown

VII. CVE INFORMATION

unknown

VIII. DISCLOSURE TIMELINE

unknown

IX. CREDIT

Knud Erik Højgaard/kokanin[a]dtors.net
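
One way to carry out the check and the workaround described above, as an added example that is not part of the original advisory. The function names are hypothetical, and removing write access for "other" (chmod o-w) is an assumed policy, since the advisory only asks for "something more suitable".

```shell
#!/bin/sh
# Added example: audit and tighten the build tree named in the advisory.
# PKG_ROOT defaults to the advisory's path; override it to inspect another tree.
PKG_ROOT="${PKG_ROOT:-/usr/src/packages}"

# Print every directory at or below $1 that any user may write to
# (the "other" write bit is set, as in drwxrwxrwt).
list_world_writable() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Number of world-writable directories at or below $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Print entries below $1 that are not owned by user $2 (name or numeric uid).
# On an affected system these are candidates for content planted by other users.
list_not_owned_by() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# Assumed policy: drop write access for "other" on every world-writable
# directory, leaving owner and group permissions untouched.
tighten_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod o-w {} +
}

# Human-readable report: one "ls -ld" line per finding.
report_world_writable() {
    list_world_writable "$1" | while IFS= read -r dir; do
        ls -ld "$dir"
    done
}

# Run the report only when explicitly asked: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    report_world_writable "$PKG_ROOT"
    echo "world-writable directories: $(count_world_writable "$PKG_ROOT")"
fi
```

Review the output of list_not_owned_by "$PKG_ROOT" root before tightening permissions, since anything planted earlier stays in place after the mode change.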