Title: Linux insmod Vulnerability
Severity: HIGH
Description:
The insmod binary from before the 2.2.6pre6 modutils package has a serious vulnerability involving ownership. Linux insmod does not check to see whether root owns a particular module or not, when referenced without a full path. This could allow an intruder to possibly run malicious code as a module in kernel mode.
Affected Products:
- Caldera OpenLinux Standard 1.0.0
- Caldera OpenLinux Standard 1.1.0
- Caldera OpenLinux Standard 1.2.0
- Debian Linux 1.3.1
- Debian Linux 2.0.0
- Debian Linux 2.0.0r5
- RedHat Linux 5.1.0
- RedHat Linux 5.2.0 i386
- S.u.S.E. Linux 5.2.0
- S.u.S.E. Linux 5.3.0
- S.u.S.E. Linux 6.0.0
- Slackware Linux 3.2.0
- Slackware Linux 3.3.0
- Slackware Linux 3.4.0
- Slackware Linux 3.5.0
- Slackware Linux 3.6.0
- Slackware Linux 4.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
