Sebastian Krahmer reported that the udisks service (via D-BUS) could be used to load arbitrary Linux kernel modules. Since "mount -t $NAME" is called, this also triggers a "modprobe -q -- $NAME" which will load the Linux kernel module from /lib/modules/. The upstream bug report is: https://bugs.freedesktop.org/show_bug.cgi?id=32232 and no upstream fix has been made as of yet, although the upstream bug report has a few suggestions on how to correct this.
This issue can only be exploited by users who are logged in locally and in an active session. Attempting the same via remote (i.e. via ssh) fails with: Error org.freedesktop.UDisks.Error.PermissionDenied: Not Authorized
http://seclists.org/oss-sec/2011/q1/252
This has been assigned the name CVE-2010-4661.
Created udisks tracking bugs for this issue
Affects: fedora-all [bug 679859]
Statement: The Red Hat Security Response Team has rated this issue as having low security impact; a future update to Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect Red Hat Enterprise Linux 4 or 5.
Upstream patch: http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
And fixed in upstream 1.0.3. Current Fedora releases have 1.0.4 so they have been addressed.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2010-4661
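One way to mitigate the issue in the report is for the service to refuse any filesystem type the kernel has not already registered, so a caller-chosen name is never handed to "mount -t" and the modprobe it triggers. The following is an added example, not the upstream udisks patch or code from this bug; the function name, the sample table and the request names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the /proc/filesystems layout: an optional "nodev"
 * flag, a tab, then the filesystem name, one entry per line. */
static const char SAMPLE_PROC_FILESYSTEMS[] =
    "nodev\tsysfs\n"
    "nodev\tproc\n"
    "\text4\n"
    "\tvfat\n";

/* Return 1 only if fstype exactly matches a name listed in table (text in
 * /proc/filesystems format). A type the kernel has not registered is
 * refused, so the request never reaches "mount -t" and the modprobe it
 * would trigger. Hypothetical helper, not a udisks function. */
int fstype_is_registered(const char *fstype, const char *table)
{
    if (fstype == NULL || *fstype == '\0')
        return 0;
    size_t want = strlen(fstype);
    for (const char *line = table; *line != '\0'; ) {
        size_t linelen = strcspn(line, "\n");
        const char *tab = memchr(line, '\t', linelen);
        if (tab != NULL) {
            const char *name = tab + 1;               /* text after the tab */
            size_t namelen = linelen - (size_t)(name - line);
            if (namelen == want && memcmp(name, fstype, want) == 0)
                return 1;
        }
        line += linelen;
        if (*line == '\n')
            line++;
    }
    return 0;
}

int main(void)
{
    /* Constructed requests: two registered types, then names that are not. */
    const char *requests[] = { "vfat", "ext4", "some_module", "ext", "nodev" };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
        printf("%-12s %s\n", requests[i],
               fstype_is_registered(requests[i], SAMPLE_PROC_FILESYSTEMS)
                   ? "allow" : "refuse");
    return 0;
}
```

A deployment would read the table from /proc/filesystems at request time; filesystems whose modules are not yet loaded would need a separate administrator-maintained list.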