Vigil@nce - Linux kernel: module loading via CAP_NET_ADMIN
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker who only has the CAP_NET_ADMIN capability can
load a non-network module with the ifconfig command.
Severity: 1/4
Creation date: 25/02/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The CAP_NET_ADMIN capability allows a user to administer the
network configuration. The CAP_SYS_MODULE capability allows a user
to load a kernel module.
When a network administrator configures a new device (via
"ifconfig"), the kernel module for that device has to be loaded.
Historically, the CAP_SYS_MODULE capability was thus granted to
network administrators. Since version 2.6.32, the kernel allows
the network administrator to load his modules without having
CAP_SYS_MODULE. However, the list of modules that he can load is
not restricted. He can thus load any kernel module even if he does
not hold the CAP_SYS_MODULE capability.
A local attacker who only has the CAP_NET_ADMIN capability can
therefore load a non-network module with the ifconfig command.
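To find the accounts this issue applies to, the following added example (not part of the Vigil@nce bulletin) reads the capability masks in /proc/<pid>/status and reports tasks that hold CAP_NET_ADMIN without CAP_SYS_MODULE. The function names and the sample status excerpts are constructed for illustration; the bit positions are those in linux/capability.h.

```python
import os
import re

# Bit positions from include/uapi/linux/capability.h
CAP_NET_ADMIN = 12
CAP_SYS_MODULE = 16

def parse_caps(status_text):
    """Map each Cap* line of a /proc/<pid>/status text to its integer mask."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$",
                                 status_text, re.M)}

def has_cap(mask, cap):
    return bool((mask >> cap) & 1)

def net_admin_only(status_text):
    """True when the task can use CAP_NET_ADMIN (effective or permitted set)
    but holds CAP_SYS_MODULE in neither set."""
    caps = parse_caps(status_text)
    usable = caps.get("CapEff", 0) | caps.get("CapPrm", 0)
    return has_cap(usable, CAP_NET_ADMIN) and not has_cap(usable, CAP_SYS_MODULE)

def scan_proc(proc="/proc"):
    """Yield (pid, name) for every live task matching net_admin_only()."""
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                text = fh.read()
        except OSError:  # task exited or access denied
            continue
        if net_admin_only(text):
            name = re.search(r"^Name:\s*(.+)$", text, re.M)
            yield int(entry), (name.group(1) if name else "?")

# Constructed status excerpts (not taken from a real system)
SAMPLE_NETADMIN = ("Name:\tnetcfgd\nCapInh:\t0000000000000000\n"
                   "CapPrm:\t0000000000001000\nCapEff:\t0000000000001000\n")
SAMPLE_ROOT = ("Name:\tinit\nCapInh:\t0000000000000000\n"
               "CapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n")
SAMPLE_USER = ("Name:\tbash\nCapInh:\t0000000000000000\n"
               "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")

if __name__ == "__main__":
    for pid, name in scan_proc():
        print(f"{pid}\t{name}\tCAP_NET_ADMIN without CAP_SYS_MODULE")
```

On an affected kernel, each task reported should be reviewed as if it also held CAP_SYS_MODULE.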
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-module-loading-via-CAP-NET-ADMIN-10399