A vulnerability in DavFS2 allows local users to gain root privileges.
|Package||net-fs/davfs2 on all architectures|
|Affected versions||< 1.5.2|
|Unaffected versions||>= 1.5.2|
DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive.
DavFS2 installs “/usr/sbin/mount.davfs” as setuid root. This utility uses “system()” to call “/sbin/modprobe”.
While the call to “modprobe” itself cannot be manipulated, a local authenticated user can set the “MODPROBE_OPTIONS” environment variable to pass a user controlled path, allowing the loading of an arbitrary kernel module.
A local user could gain root privileges.
The system administrator should ensure that all modules the “mount.davfs” utility tries to load are loaded upon system boot before any local user can call the utility.
An additional defense measure can be implemented by enabling the Linux kernel module signing feature. This assists in the prevention of arbitrary modules being loaded.
All DavFS2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/davfs2-1.5.2"
December 02, 2016
December 02, 2016: 1