PT-2014-2024 · Busybox+2

Mathias Krause · Published 2014-11-19 · Updated 2024-06-15 · CVE-2014-9645

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

BusyBox versions prior to 1.23.0

Description

The issue is in the add_probe function in modutils/modprobe.c and is caused by insufficient input validation, which allows local users to bypass restrictions on loading kernel modules by using a / character in a module name. This can be demonstrated through commands such as "ifconfig /usbserial up" or "mount -t /snd_pcm none /". The vulnerability affects the integrity of data.

Recommendations

For versions prior to 1.23.0, update to version 1.23.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the add_probe function until a patch is available. Avoid using the / character in module names to minimize the risk of exploitation.
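The validation gap described above, as an added example that is not BusyBox's own code: it compares a lookup that accepts any name with one that refuses names containing a / character. The helper names, the assumption that the lookup keeps only the text after the last /, and the sample request strings are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the unchecked path: keep only the text after the
 * last '/', so a prefixed request collapses to a bare module name. */
static const char *strip_to_basename(const char *name)
{
    const char *slash = strrchr(name, '/');
    return slash ? slash + 1 : name;
}

/* Hypothetical check: a module name must be non-empty and contain no '/',
 * so path stripping can never change which module is requested. */
static bool module_name_is_valid(const char *name)
{
    return name != NULL && name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Returns the name that would be looked up, or NULL if the request is
 * refused. With validate == false this models the pre-fix behaviour. */
static const char *resolve_module(const char *name, bool validate)
{
    if (validate && !module_name_is_valid(name))
        return NULL;
    return strip_to_basename(name);
}

int main(void)
{
    /* Constructed sample requests (assumed shape: a restricting prefix
     * followed by the user-supplied device or filesystem name). */
    const char *samples[] = {
        "netdev-eth0", "netdev-/usbserial", "fs-/snd_pcm", "usbserial",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *strict = resolve_module(samples[i], true);
        printf("%-18s unchecked -> %-12s checked -> %s\n", samples[i],
               resolve_module(samples[i], false),
               strict ? strict : "(rejected)");
    }
    return 0;
}
```

A request that carries a / loses its restricting prefix in the unchecked path, while the checked path refuses it outright and leaves ordinary names untouched.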

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-03340
CVE-2014-9645
DLA-1445-1
DLA-2559-1
MGASA-2015-0041
OPENSUSE-SU-2022_4260-1
OPENSUSE-SU-2022_4371-1
OPENSUSE-SU-2024:12415-1
SUSE-SU-2015:1445-1
SUSE-SU-2015_1445-1
SUSE-SU-2022:4253-1
SUSE-SU-2022:4260-1
SUSE-SU-2022:4371-1
SUSE-SU-2022_4260-1
SUSE-SU-2022_4371-1
USN-3935-1

Affected Products

Busybox
Suse
Ubuntu