GLSA-201612-02 : DavFS2: Local privilege escalation

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-201612-02
(DavFS2: Local privilege escalation)

DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility
uses “system()” to call “/sbin/modprobe”.
While the call to “modprobe” itself cannot be manipulated, a local
authenticated user can set the “MODPROBE_OPTIONS” environment
variable to pass a user controlled path, allowing the loading of an
arbitrary kernel module.

Impact :

A local user could gain root privileges.

Workaround :

The system administrator should ensure that all modules the
“mount.davfs” utility tries to load are loaded upon system boot
before any local user can call the utility.
An additional defense measure can be implemented by enabling the Linux
kernel module signing feature. This assists in the prevention of
arbitrary modules being loaded.

See also :

https://security.gentoo.org/glsa/201612-02

Solution :

All DavFS2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-fs/davfs2-1.5.2'

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 95517 ()

Bugtraq ID:

CVE ID: CVE-2013-4362

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now