Tiny Core Base > TCB Bugs

TC busybox vulnerable CVE-2014-9645

(1/3) > >>

ewindisch:
Busybox modprobe allows loading arbitrary modules. This may be triggered via syscalls that load modules automatically based on /proc/sys/kernel/modprobe.


See this:
http://www.openwall.com/lists/oss-security/2015/01/26/1

hiro:
I would be curious where in tc ifconfig or mount gets run with user-defined content, or are there other ways to exploit this?

hiro:

--- Quote from: ewindisch on February 09, 2015, 11:27:45 AM ---syscalls that load modules automatically based on /proc/sys/kernel/modprobe.

--- End quote ---

Can you elaborate about those syscalls? I fail to understand. Sorry.

ewindisch:
A PoC for userland module loading is provided here: https://lkml.org/lkml/2013/3/4/70

The above issue in CryptoAPI has been fixed, but with a vulnerable busybox modprobe will load arbitrary module modules.

hiro:
well modprobe doesn't point to a suid busybox here, so it would still relies on cryptoAPI or other helper being "broken", right?

Navigation

[0] Message Index

[#] Next page

Go to full version