Author: JT Smith
The advisory is at LWN.net: “The modules package is responsible for on-demand loading of kernel
modules/drivers. The /sbin/modprobe command, when executed as a new
task by the kernel-internal function request_module(), runs with the
priviledges of the init process, usually root.
Newer versions of the modprobe program contain a bug
which allows local users to gain root priviledges. modprobe expands
given arguments via /bin/echo and can easily be tricked into executing
commands. In order for this bug to be exploitable, a setuid root program
must be installed that can trigger the loading of modules (such as ping6).”
modules/drivers. The /sbin/modprobe command, when executed as a new
task by the kernel-internal function request_module(), runs with the
priviledges of the init process, usually root.
Newer versions of the modprobe program contain a bug
which allows local users to gain root priviledges. modprobe expands
given arguments via /bin/echo and can easily be tricked into executing
commands. In order for this bug to be exploitable, a setuid root program
must be installed that can trigger the loading of modules (such as ping6).”
Category:
- Linux
