oss-sec mailing list archives
Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN
From: Vasiliy Kulikov <segoon () openwall com>
Date: Fri, 11 Mar 2011 17:36:51 +0300
On Thu, Feb 24, 2011 at 15:54 -0800, Kees Cook wrote:
"ifconfig $module" will load any module as long as the process has CAP_NET_ADMIN (ignoring CAP_SYS_MODULE)."
This was fixed in 8909c9ad8ff: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8909c9ad8ff03611c9c96c9a92656213e4bb495b -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Current thread:
- CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Kees Cook (Feb 24)
- Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Eugene Teo (Feb 24)
- Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Vasiliy Kulikov (Mar 11)