Tiny Core Base > TCB Bugs
TC busybox vulnerable CVE-2014-9645
ewindisch:
Busybox modprobe allows loading arbitrary modules. This may be triggered via syscalls that load modules automatically based on /proc/sys/kernel/modprobe.
See this:
http://www.openwall.com/lists/oss-security/2015/01/26/1
hiro:
I would be curious where in tc ifconfig or mount gets run with user-defined content, or are there other ways to exploit this?
hiro:
--- Quote from: ewindisch on February 09, 2015, 11:27:45 AM ---syscalls that load modules automatically based on /proc/sys/kernel/modprobe.
--- End quote ---
Can you elaborate about those syscalls? I fail to understand. Sorry.
ewindisch:
A PoC for userland module loading is provided here: https://lkml.org/lkml/2013/3/4/70
The above issue in CryptoAPI has been fixed, but with a vulnerable busybox modprobe will load arbitrary module modules.
hiro:
well modprobe doesn't point to a suid busybox here, so it would still relies on cryptoAPI or other helper being "broken", right?
Navigation
[0] Message Index
[#] Next page
Go to full version