Bug#776186: busybox: CVE-2014-9645
control: tag -1 patch, pending
Hi,
I uploaded an nmu fixing this issue to delayed/15. Please let me know
if I can shorten or if you want to do a maintainer upload instead.
See proposed patch attached.
Best wishes,
Mike
diff -Nru busybox-1.22.0/debian/changelog busybox-1.22.0/debian/changelog
--- busybox-1.22.0/debian/changelog 2014-11-14 09:53:24.000000000 +0000
+++ busybox-1.22.0/debian/changelog 2015-01-26 03:21:32.000000000 +0000
@@ -1,3 +1,10 @@
+busybox (1:1.22.0-14.1) unstable; urgency=medium
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2014-9645: modeprobe accepts paths as modules (closes: #776186).
+
+ -- Michael Gilbert <mgilbert@debian.org> Mon, 26 Jan 2015 03:18:37 +0000
+
busybox (1:1.22.0-14) medium; urgency=low
* one more attempt to fix the glibc build-depend for #769190, now
diff -Nru busybox-1.22.0/debian/patches/CVE-2014-9645.patch busybox-1.22.0/debian/patches/CVE-2014-9645.patch
--- busybox-1.22.0/debian/patches/CVE-2014-9645.patch 1970-01-01 00:00:00.000000000 +0000
+++ busybox-1.22.0/debian/patches/CVE-2014-9645.patch 2015-01-26 03:24:58.000000000 +0000
@@ -0,0 +1,25 @@
+From 4e314faa0aecb66717418e9a47a4451aec59262b
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 20 Nov 2014 17:24:33 +0000
+Subject: modprobe,rmmod: reject module names with slashes
+
+--- a/modutils/modprobe.c
++++ b/modutils/modprobe.c
+@@ -239,6 +239,17 @@ static void add_probe(const char *name)
+ {
+ struct module_entry *m;
+
++ /*
++ * get_or_add_modentry() strips path from name and works
++ * on remaining basename.
++ * This would make "rmmod dir/name" and "modprobe dir/name"
++ * to work like "rmmod name" and "modprobe name",
++ * which is wrong, and can be abused via implicit modprobing:
++ * "ifconfig /usbserial up" tries to modprobe netdev-/usbserial.
++ */
++ if (strchr(name, '/'))
++ bb_error_msg_and_die("malformed module name '%s'", name);
++
+ m = get_or_add_modentry(name);
+ if (!(option_mask32 & (OPT_REMOVE | OPT_SHOW_DEPS))
+ && (m->flags & (MODULE_FLAG_LOADED | MODULE_FLAG_BUILTIN))
diff -Nru busybox-1.22.0/debian/patches/series busybox-1.22.0/debian/patches/series
--- busybox-1.22.0/debian/patches/series 2014-11-10 12:06:53.000000000 +0000
+++ busybox-1.22.0/debian/patches/series 2015-01-26 03:24:54.000000000 +0000
@@ -27,3 +27,5 @@
stop-checking-ancient-kernel-version.patch
iproute-support-onelink-route-option-and-print-route-flags.patch
update-deb-format-support.patch
+
+CVE-2014-9645.patch
Reply to: