Linux modprobe Buffer Overflow Vulnerability
BID:1989
Info
Linux modprobe Buffer Overflow Vulnerability
| Bugtraq ID: | 1989 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 23 2000 12:00AM |
| Updated: | Nov 23 2000 12:00AM |
| Credit: | First published in RedHat advisory RHSA-2000:108-04 and by Debian on Nov 22, 2000. |
| Vulnerable: |
GNU Linux modutils 2.3.11 GNU Linux modutils 2.3.9 |
| Not Vulnerable: |
GNU Linux modutils 2.3.11 -13 |
Discussion
Linux modprobe Buffer Overflow Vulnerability
Modutils is a component of many linux systems that includes tools for using loadable kernel modules. One of these tools, modprobe, loads a set of modules that correspond to a provided "name" (passed at the command line) automatically.
Though fixes for a recent (as of 11/23/2000, see Bugtraq ID 1936) high-profile vulnerability in modprobe have been made available by most vulnerable Linux vendors, it has been reported that there exists another method for an attacker to gain root privileges exploiting modprobe.
Debian and RedHat have both released advisories regarding a vulnerability that exists in modprobe related to the handling of input from the kernel. A buffer overflow can occur because data passed from the user through the kernel to modprobe isn't checked for length/validity before being used in memory copies.
Since modprobe is still spawned as root via kmod through setuid utilities such as ping, successful exploitation of this vulnerability can lead to root privileges for the attacker.
Modutils is a component of many linux systems that includes tools for using loadable kernel modules. One of these tools, modprobe, loads a set of modules that correspond to a provided "name" (passed at the command line) automatically.
Though fixes for a recent (as of 11/23/2000, see Bugtraq ID 1936) high-profile vulnerability in modprobe have been made available by most vulnerable Linux vendors, it has been reported that there exists another method for an attacker to gain root privileges exploiting modprobe.
Debian and RedHat have both released advisories regarding a vulnerability that exists in modprobe related to the handling of input from the kernel. A buffer overflow can occur because data passed from the user through the kernel to modprobe isn't checked for length/validity before being used in memory copies.
Since modprobe is still spawned as root via kmod through setuid utilities such as ping, successful exploitation of this vulnerability can lead to root privileges for the attacker.
Exploit / POC
Linux modprobe Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Linux modprobe Buffer Overflow Vulnerability
References:
References: