nwlogo
NAVIGATION
About
News
Support

Downloads
- Search
- Mirrors
- Auto update

Documentation
- FAQ
- HOWTOs
- ARM info
- Crusoe info

Development
- Toolchain
- Autobuild
- Users

Sponsored by:

Open Source Lab at OSU

LaneChange.net

NetWinder security advisory
ID2000-012
Issued2000-Nov-16
Packagemodprobe
Summarymodprobe vulnerability
CategoryImproper input validation
SeverityLow (local privilege escalation)
ProductsDeveloper dm-3.1-15 and earlier
OfficeServer os-1.5-4 and earlier

DESCRIPTION

The modprobe program is susceptible to shell metacharacter attacks in the names of the modules it loads.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

http://www.netwinder.org/updates/3.1-15/armv4l/modutils-2.3.20-1.armv4l.rpm

REFERENCES

Reported on BugTraq by Michal Zalewski and Sebastian Krahmer on November 12, 2000. Thanks to Rod Stewart for building and testing the NetWinder RPMs.