Debian Security Advisory

modutils -- local buffer overflow

Date Reported:

22 Nov 2000

Affected Packages:

modutils

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Sebastian Krahmer raised an issue in modutils. In an ideal world modprobe should trust the kernel to only pass valid parameters to modprobe. However he has found at least one local root exploit because high level kernel code passed unverified parameters direct from the user to modprobe. So modprobe no longer trusts kernel input and switches to a safemode.

This problem has been fixed in version 2.3.11-13.1 and we recommend that you upgrade your modutils packages immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/stable/updates/main/source/modutils_2.3.11-13.1.diff.gz; http://security.debian.org/dists/stable/updates/main/source/modutils_2.3.11-13.1.dsc; http://security.debian.org/dists/stable/updates/main/source/modutils_2.3.11.orig.tar.gz
alpha:: http://security.debian.org/dists/stable/updates/main/binary-alpha/modutils_2.3.11-13.1_alpha.deb
arm:: http://security.debian.org/dists/stable/updates/main/binary-arm/modutils_2.3.11-13.1_arm.deb
i386:: http://security.debian.org/dists/stable/updates/main/binary-i386/modutils_2.3.11-13.1_i386.deb
m68k:: http://security.debian.org/dists/stable/updates/main/binary-m68k/modutils_2.3.11-13.1_m68k.deb
powerpc:: http://security.debian.org/dists/stable/updates/main/binary-powerpc/modutils_2.3.11-13.1_powerpc.deb
sparc:: http://security.debian.org/dists/stable/updates/main/binary-sparc/modutils_2.3.11-13.1_sparc.deb