Rapid7 Vulnerability & Exploit Database

RHSA-2000:108: new modutils release addresses more local root compromise possibilities

Back to Search

RHSA-2000:108: new modutils release addresses more local root compromise possibilities

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
01/09/2001
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

A new modutils-2.3.21 package has been released to correctly enable safe guard measures introduced in modutils-2.3.20. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

The previous packages of modutils released to address a local root compromise contained an error in new safe guards that caused them to not properly be enabled when run as root from the kmod process. These new safe guards check the arguments passed to modules. The new 2.3.21 modutils package fixes this error and correctly checks the arguments when running from kmod, limiting kernel module arguments to those specified in /etc/conf.modules (on Red Hat Linux 6.2) or /etc/modules.conf (on Red Hat Linux 7). This release supersedes the previous modutils errata packages.

Solution(s)

  • redhat-upgrade-modutils

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;