GLSA-201612-02 : DavFS2: Local privilege escalation
High Nessus Plugin ID 95517
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201612-02 (DavFS2: Local privilege escalation)
DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system()” to call “/sbin/modprobe”.
While the call to “modprobe” itself cannot be manipulated, a local authenticated user can set the “MODPROBE_OPTIONS” environment variable to pass a user controlled path, allowing the loading of an arbitrary kernel module.
A local user could gain root privileges.
The system administrator should ensure that all modules the “mount.davfs” utility tries to load are loaded upon system boot before any local user can call the utility.
An additional defense measure can be implemented by enabling the Linux kernel module signing feature. This assists in the prevention of arbitrary modules being loaded.
SolutionAll DavFS2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/davfs2-1.5.2'