Debian Security Advisory
modutils -- local buffer overflow
- Date Reported:
- 22 Nov 2000
- Affected Packages:
- modutils
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
Sebastian Krahmer raised an issue in modutils. In an ideal world
modprobe should trust the kernel to only pass valid parameters to
modprobe. However he has found at least one local root exploit
because high level kernel code passed unverified parameters direct
from the user to modprobe. So modprobe no longer trusts kernel input
and switches to a safemode.
This problem has been fixed in version 2.3.11-13.1 and we recommend that you upgrade your modutils packages immediately.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
-
http://security.debian.org/dists/stable/updates/main/source/modutils_2.3.11-13.1.diff.gz
-
http://security.debian.org/dists/stable/updates/main/source/modutils_2.3.11-13.1.dsc
-
http://security.debian.org/dists/stable/updates/main/source/modutils_2.3.11.orig.tar.gz
- alpha:
-
http://security.debian.org/dists/stable/updates/main/binary-alpha/modutils_2.3.11-13.1_alpha.deb
- arm:
-
http://security.debian.org/dists/stable/updates/main/binary-arm/modutils_2.3.11-13.1_arm.deb
- i386:
-
http://security.debian.org/dists/stable/updates/main/binary-i386/modutils_2.3.11-13.1_i386.deb
- m68k:
-
http://security.debian.org/dists/stable/updates/main/binary-m68k/modutils_2.3.11-13.1_m68k.deb
- powerpc:
-
http://security.debian.org/dists/stable/updates/main/binary-powerpc/modutils_2.3.11-13.1_powerpc.deb
- sparc:
-
http://security.debian.org/dists/stable/updates/main/binary-sparc/modutils_2.3.11-13.1_sparc.deb