Vigil@nce - busybox: bypass of modprobe filter
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A privileged attacker can add path separator to module names, in
order to make modprobe of busybox load forbidden modules.
Impacted products: MBS, openSUSE
Severity: 1/4
Creation date: 18/06/2015
DESCRIPTION OF THE VULNERABILITY
The busybox product includes an implementation of many Unix system
tools, including modprobe for kernel module loading.
Modprobe allows to black-list modules by names. However, the
busybox implementation of modprobe does not suitably handles the
path separatopr "/".
A privileged attacker can therefore add path separator to module
names, in order to make modprobe of busybox load forbidden modules.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/busybox-bypass-of-modprobe-filter-17169