Bug 664082 (CVE-2010-4661) - CVE-2010-4661 udisks: arbitrary Linux kernel loading flaw
Summary: CVE-2010-4661 udisks: arbitrary Linux kernel loading flaw
Keywords:
Status: NEW
Alias: CVE-2010-4661
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: https://bugs.freedesktop.org/show_bug...
Whiteboard:
Depends On: 679859
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-17 23:36 UTC by Vincent Danen
Modified: 2019-09-29 12:41 UTC (History)
2 users (show)

Fixed In Version: udisks 1.0.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Vincent Danen 2010-12-17 23:36:20 UTC
Sebastian Krahmer reported that the udisks service (via D-BUS) could be used to load arbitrary Linux kernel modules.  Since "mount -t $NAME" is called, this also triggers a "modprobe -q -- $NAME" which will load the Linux kernel module from /lib/modules/.

The upstream bug report is: https://bugs.freedesktop.org/show_bug.cgi?id=32232 and no upstream fix has been made as of yet, although the upstream bug report has a few suggestions on how to correct this.

Comment 6 Vincent Danen 2011-01-31 19:21:20 UTC
This issue can only be exploited by users who are logged in locally and in an active session.  Attempting the same via remote (i.e. via ssh) fails with:

Error org.freedesktop.UDisks.Error.PermissionDenied: Not Authorized

Comment 7 Eugene Teo (Security Response) 2011-02-23 08:16:02 UTC
http://seclists.org/oss-sec/2011/q1/252

Comment 8 Vincent Danen 2011-02-23 17:41:54 UTC
This has been assigned the name CVE-2010-4661

Comment 9 Vincent Danen 2011-02-23 17:43:11 UTC
Created udisks tracking bugs for this issue

Affects: fedora-all [bug 679859]

Comment 10 Vincent Danen 2011-02-23 17:45:06 UTC
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 6 may address this flaw.  This issue did not affect Red Hat Enterprise Linux 4 or 5.

Comment 11 Vincent Danen 2012-08-16 18:05:14 UTC
Upstream patch:

http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037

And fixed in upstream 1.0.3.  Current Fedora releases have 1.0.4 so they have been addressed.


Note You need to log in before you can comment on or make changes to this bug.