Executive Summary

Summary
Title: DavFS2: Local privilege escalation

Information
Name: GLSA-201612-02
Vendor: Gentoo
First vendor publication: 2016-12-02
Last vendor modification: 2016-12-02
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 7.2
CVSS impact score: 10
CVSS exploit score: 3.9
Attack range: Local
Attack complexity: Low
Authentication: None required

Detail

Synopsis

A vulnerability in DavFS2 allows local users to gain root privileges.

Background

DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive.

Description

DavFS2 installs "/usr/sbin/mount.davfs" as setuid root. This utility uses "system()" to call "/sbin/modprobe".

While the call to "modprobe" itself cannot be manipulated, a local authenticated user can set the "MODPROBE_OPTIONS" environment variable to pass a user-controlled path, which allows an arbitrary kernel module to be loaded.
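The environment inheritance behind this issue, as an added C example (not DavFS2's code and not its patch): `system()` hands the caller's environment to the helper, while `fork` plus `execve` with a constant `envp` does not. The function names and the probe command are hypothetical, the variable's value is constructed, and `/bin/sh` is assumed to exist.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv, fork, waitpid */
#endif
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the helper; nothing set by the caller survives. */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Constructed probe standing in for the helper: exits 0 only when
 * MODPROBE_OPTIONS is visible in its environment. */
static const char PROBE[] = "test -n \"$MODPROBE_OPTIONS\"";

/* Pattern from the advisory: system() starts /bin/sh -c with the caller's
 * whole environment, so variables set by the invoking user reach the helper. */
int run_helper_inherited(const char *cmdline)
{
    int st = system(cmdline);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Hardened pattern: fork + execve with an absolute path, an explicit argv
 * and a constant envp, so no inherited variable reaches the helper. */
int run_helper_clean(const char *path, char *const argv[])
{
    int st;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, CLEAN_ENV);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    char *argv[] = { "sh", "-c", (char *)PROBE, NULL };
    setenv("MODPROBE_OPTIONS", "constructed-value", 1);
    int leaked  = run_helper_inherited(PROBE) == 0;       /* variable arrives */
    int dropped = run_helper_clean("/bin/sh", argv) == 1; /* variable is gone */
    return (leaked && dropped) ? 0 : 1;
}
```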

Impact

A local user could gain root privileges.

Workaround

The system administrator should ensure that all modules the "mount.davfs" utility tries to load are loaded upon system boot before any local user can call the utility.

An additional defense measure can be implemented by enabling the Linux kernel module signing feature. This assists in the prevention of arbitrary modules being loaded.

Resolution

All DavFS2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/davfs2-1.5.2"

References

[ 1 ] CVE-2013-4362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4362

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201612-02

Original Source

Url : http://security.gentoo.org/glsa/glsa-201612-02.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:19717
Title: DSA-2765-1 davfs2 - privilege escalation
Description: Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while it is setuid root. This might allow a privilege escalation.
Family: unix
Class: patch
Reference(s): DSA-2765-1, CVE-2013-4362
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/Linux 7, Debian GNU/kFreeBSD 6.0, Debian GNU/kFreeBSD 7
Product(s): davfs2

Oval ID: oval:org.mitre.oval:def:28673
Title: DSA-2765-2 -- davfs2 -- privilege escalation
Description: Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while it is setuid root. This might allow a privilege escalation.
Family: unix
Class: patch
Reference(s): DSA-2765-2, CVE-2013-4362
Version: 3
Platform(s): Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0, Debian GNU/Linux 7.0, Debian GNU/kFreeBSD 7.0
Product(s): davfs2

CPE : Common Platform Enumeration

Type Description Count
Application 2

Nessus® Vulnerability Scanner

Date Description
2016-12-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201612-02.nasl - Type : ACT_GATHER_INFO
2013-12-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-17836.nasl - Type : ACT_GATHER_INFO
2013-12-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-17853.nasl - Type : ACT_GATHER_INFO
2013-11-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-17828.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2013-244.nasl - Type : ACT_GATHER_INFO
2013-09-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2765.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2016-12-06 13:26:15
  • Multiple Updates
2016-12-02 17:23:04
  • First insertion