CVE-2014-9645

CVE-2014-9645

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.

Source: CVE-2014-9645

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다