Red Hat Bugzilla – Bug 664082
CVE-2010-4661 udisks: arbitrary Linux kernel loading flaw
Last modified: 2015-08-19 05:01:41 EDT
Sebastian Krahmer reported that the udisks service (via D-BUS) could be used to load arbitrary Linux kernel modules. Since "mount -t $NAME" is called, this also triggers a "modprobe -q -- $NAME" which will load the Linux kernel module from /lib/modules/.
The upstream bug report is: https://bugs.freedesktop.org/show_bug.cgi?id=32232 and no upstream fix has been made as of yet, although the upstream bug report has a few suggestions on how to correct this.
This issue can only be exploited by users who are logged in locally and in an active session. Attempting the same via remote (i.e. via ssh) fails with:
Error org.freedesktop.UDisks.Error.PermissionDenied: Not Authorized
This has been assigned the name CVE-2010-4661.
Created udisks tracking bugs for this issue
Affects: fedora-all [bug 679859]
The Red Hat Security Response Team has rated this issue as having low security impact; a future update to Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect Red Hat Enterprise Linux 4 or 5.
This was also fixed in upstream 1.0.3. Current Fedora releases have 1.0.4, so they have been addressed.
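One mitigation that closes the path described above, as an added C example (not udisks' own code, and the allowlist is constructed for illustration): the caller-supplied filesystem type is refused unless it exactly matches a known type, so an arbitrary name never reaches "mount -t" and the modprobe that follows. The unchecked variant is shown beside the checked one for contrast.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed allowlist for this example (not udisks' own table): the only
 * filesystem types the privileged daemon is willing to hand to "mount -t". */
static const char *const allowed_fstypes[] = {
    "ext2", "ext3", "ext4", "xfs", "btrfs", "vfat", "ntfs", "iso9660", "udf",
    NULL
};

/* Exact, case-sensitive match against the allowlist; NULL and "" refused. */
bool fstype_is_allowed(const char *fstype)
{
    if (fstype == NULL || fstype[0] == '\0')
        return false;
    for (size_t i = 0; allowed_fstypes[i] != NULL; i++)
        if (strcmp(fstype, allowed_fstypes[i]) == 0)
            return true;
    return false;
}

/* Vulnerable shape: whatever the D-Bus caller sent becomes the -t argument,
 * and the modprobe of that name runs with the daemon's root privileges. */
int build_mount_argv_unchecked(const char *fstype, const char *device,
                               const char *mountpoint, const char *argv[6])
{
    argv[0] = "mount"; argv[1] = "-t"; argv[2] = fstype;
    argv[3] = device;  argv[4] = mountpoint; argv[5] = NULL;
    return 0;
}

/* Hardened shape: no argv is built for an unknown type, so a caller-chosen
 * string can never turn into a module load request. Returns -1 on refusal
 * so the D-Bus layer can answer with an error instead of running mount. */
int build_mount_argv_checked(const char *fstype, const char *device,
                             const char *mountpoint, const char *argv[6])
{
    if (!fstype_is_allowed(fstype)) {
        argv[0] = NULL;
        return -1;
    }
    return build_mount_argv_unchecked(fstype, device, mountpoint, argv);
}
```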