Home page logo
/

bugtraq logo Bugtraq mailing list archives

More modutils: It's probably worse.
From: Chris Evans <chris () SCARY BEASTS ORG>
Date: Mon, 13 Nov 2000 21:01:23 +0000

Hi,

I think this problem is worse than originally thought. As noted by Olaf:

---
It should be noted that older Linux distributions using e.g.
modutils-2.1.121 (which I'm looking at) should be safe: before
modprobe will do _anything_ it checks the name of the requested
module against /lib/modules/modules.dep and fails if the module's
not listed. Getting "; chmod +w ." listed as a module should be
sort of tricky.
---

Unfortunately, we can subvert modutils _before_ any validation of module
name gets run. If we make the first character of our proposed module a
'-', then it will be just like we passed an option to modprobe.

modprobe -C, to specify a config file other than /etc/modules.conf, would
be an interesting route to play with.

Oh dear. Looks like a kernel issue as well as a modutils issue. Also looks
like more distributions could be affected.

I'd normally hold off posting something like this, but I guarantee black
hats have already figured this out.

Cheers
Chris


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]