This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 664082 - (CVE-2010-4661) CVE-2010-4661 udisks: arbitrary Linux kernel loading flaw
CVE-2010-4661 udisks: arbitrary Linux kernel loading flaw
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
https://bugs.freedesktop.org/show_bug...
public=20101208,reported=20101207,sou...
: Security
Depends On: 679859
Blocks:
  Show dependency treegraph
 
Reported: 2010-12-17 18:36 EST by Vincent Danen
Modified: 2015-08-19 05:01 EDT (History)
2 users (show)

See Also:
Fixed In Version: udisks 1.0.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2010-12-17 18:36:20 EST
Sebastian Krahmer reported that the udisks service (via D-BUS) could be used to load arbitrary Linux kernel modules.  Since "mount -t $NAME" is called, this also triggers a "modprobe -q -- $NAME" which will load the Linux kernel module from /lib/modules/.

The upstream bug report is: https://bugs.freedesktop.org/show_bug.cgi?id=32232 and no upstream fix has been made as of yet, although the upstream bug report has a few suggestions on how to correct this.
Comment 6 Vincent Danen 2011-01-31 14:21:20 EST
This issue can only be exploited by users who are logged in locally and in an active session.  Attempting the same via remote (i.e. via ssh) fails with:

Error org.freedesktop.UDisks.Error.PermissionDenied: Not Authorized
Comment 7 Eugene Teo (Security Response) 2011-02-23 03:16:02 EST
http://seclists.org/oss-sec/2011/q1/252
Comment 8 Vincent Danen 2011-02-23 12:41:54 EST
This has been assigned the name CVE-2010-4661
Comment 9 Vincent Danen 2011-02-23 12:43:11 EST
Created udisks tracking bugs for this issue

Affects: fedora-all [bug 679859]
Comment 10 Vincent Danen 2011-02-23 12:45:06 EST
Statement:

The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 6 may address this flaw.  This issue did not affect Red Hat Enterprise Linux 4 or 5.
Comment 11 Vincent Danen 2012-08-16 14:05:14 EDT
Upstream patch:

http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037

And fixed in upstream 1.0.3.  Current Fedora releases have 1.0.4 so they have been addressed.

Note You need to log in before you can comment on or make changes to this bug.