Debian 2.2: Critical Modutils Local Exploit and Command Execution Risk
debian
November 20, 2000
Sebastian Krahmer found a problem in the modprobe utility that could beexploited by local users to run arbitrary commands as root if themachine is running a kernel with kmod enable...
Topics Covered
Summary
The kmod kernel feature allows the kernel to dynamically load kernel
modules if functionality is required that is not present in the running
kernel. It does this by invoking the modprobe command with the requested
module as parameter. This parameter can be influenced by users, for
example by opening a currently non-existing files on a devfs filesystem,
or trying to access a non-existing network interface. Since modprobe
did not properly escape shell meta-characters when calling external
commands or check if the last parameters was an option instead of a
modulename, users can cause it to run arbitrary commands.
This has been fixed in version 2.3.11-12 and we recommend that you upgrade
your modutils package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
architectures.
Sou...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!