Joined: 12 May 2004
|Posted: Fri Dec 02, 2016 2:26 pm Post subject: [ GLSA 201612-02 ] DavFS2
|Gentoo Linux Security Advisory
Title: DavFS2: Local privilege escalation (GLSA 201612-02)
Date: December 02, 2016
A vulnerability in DavFS2 allows local users to gain root
DavFS2 is a file system driver that allows you to mount a WebDAV server
as a local disk drive.
Vulnerable: < 1.5.2
Unaffected: >= 1.5.2
Architectures: All supported architectures
DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility
uses “system()” to call “/sbin/modprobe”.
While the call to “modprobe” itself cannot be manipulated, a local
authenticated user can set the “MODPROBE_OPTIONS” environment
variable to pass a user controlled path, allowing the loading of an
arbitrary kernel module.
A local user could gain root privileges.
The system administrator should ensure that all modules the
“mount.davfs” utility tries to load are loaded upon system boot
before any local user can call the utility.
An additional defense measure can be implemented by enabling the Linux
kernel module signing feature. This assists in the prevention of
arbitrary modules being loaded.
All DavFS2 users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/davfs2-1.5.2"