Busybox CVE-2014-9645
Bug #1420508 reported by
Erica Windisch
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| CirrOS |
Fix Committed
|
Medium
|
Dr. Jens Harbott | ||
Bug Description
Busybox issued a CVE for a vulnerable modprobe. This is a public vulnerability.
http://
Certain interfaces in the kernel allow unprivileged users to trigger register_module in the kernel, autoloading modules of a specific pattern. With util-linux modprobe, these patterns are usually safe, but with this busybox vulnerability would allow any user to load arbitrary modules known to modprobe.
Revision history for this message
| Dr. Jens Harbott (j-harbott) wrote | #1 |
| Changed in cirros: | |
| status: | New → In Progress |
| assignee: | nobody → Dr. Jens Rosenboom (j-rosenboom-j) |
Revision history for this message
| Scott Moser (smoser) wrote | #2 |
| Changed in cirros: | |
| importance: | Undecided → Medium |
| status: | In Progress → Fix Committed |
To post a comment you must log in.
Should be easily fixed by rebuilding with a recent buildroot.