Vigil@nce: Linux kernel, privilege elevation via inotify
December 2008 by Vigil@nce
A local attacker can use inotify and umount in order to obtain
system privileges.
– Gravity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 05/12/2008
IMPACTED PRODUCTS
– Debian Linux
– Linux kernel
DESCRIPTION
The inotify feature can be used to track events on a file or a
directory: access, open, delete, etc. In order to do so, a watch
is added on a path:
inotify_add_watch(inotify, path, mask);
However, when the filesystem holding the watched path is unmounted
with umount, its watches are left in an inconsistent state, and this
condition can lead to privilege elevation.
A local attacker can therefore use inotify and umount in order to
obtain system privileges.
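The following program is an added example, not code from the Vigil@nce advisory or from the kernel: it shows the userspace side of the mechanism the description refers to, adding a watch with inotify_add_watch() and then parsing the event stream the kernel returns, including the events a consumer must handle when the watched object or its filesystem goes away (IN_DELETE_SELF, IN_UNMOUNT and the IN_IGNORED that marks the watch descriptor as dead). It does not reproduce the kernel race; the remedy for that is the kernel update referenced by the advisory. The temp-directory path, the file name "probe" and the constructed sample stream on watch descriptor 7 are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/inotify.h>
#include <sys/stat.h>
#include <unistd.h>

/* What one consumer observed on a single watch descriptor. */
struct watch_summary {
    int status;       /* 0 = demo ran; -1 = could not set up inotify or a temp dir */
    int events;       /* total records parsed */
    int created;      /* IN_CREATE: entry created in the watched directory */
    int deleted;      /* IN_DELETE: entry removed from the watched directory */
    int deleted_self; /* IN_DELETE_SELF: the watched object itself was removed */
    int unmounted;    /* IN_UNMOUNT: filesystem holding the watched object was unmounted */
    int overflow;     /* IN_Q_OVERFLOW: kernel queue overflowed, events were lost */
    int watch_gone;   /* IN_IGNORED: kernel dropped the watch; this wd is now dead */
};

/* Walk a buffer returned by read(2) on an inotify fd. Records are variable
 * length: a fixed inotify_event header followed by ev->len bytes of
 * NUL-padded name. Returns the number of records parsed. */
int parse_events(const char *buf, ssize_t len, int wd, struct watch_summary *s)
{
    ssize_t off = 0;
    int n = 0;
    while (off + (ssize_t)sizeof(struct inotify_event) <= len) {
        const struct inotify_event *ev = (const struct inotify_event *)(buf + off);
        if (ev->mask & IN_Q_OVERFLOW) {        /* wd is -1 here, not a real watch */
            s->overflow++;
        } else if (ev->wd == wd) {
            if (ev->mask & IN_CREATE)      s->created++;
            if (ev->mask & IN_DELETE)      s->deleted++;
            if (ev->mask & IN_DELETE_SELF) s->deleted_self++;
            if (ev->mask & IN_UNMOUNT)     s->unmounted++;
            if (ev->mask & IN_IGNORED)     s->watch_gone++; /* never inotify_rm_watch() this wd again */
        }
        off += (ssize_t)sizeof(struct inotify_event) + ev->len;
        n++;
    }
    s->events += n;
    return n;
}

/* Constructed sample stream (not a capture from a real system), laid out the
 * way the kernel delivers it: IN_CREATE for "probe" on wd 7, then IN_IGNORED
 * telling the consumer that wd 7 no longer exists. */
struct watch_summary parse_sample_stream(void)
{
    struct watch_summary s;
    char buf[64] __attribute__((aligned(__alignof__(struct inotify_event))));
    struct inotify_event hdr;
    size_t off = 0;

    memset(&s, 0, sizeof s);
    memset(buf, 0, sizeof buf);
    memset(&hdr, 0, sizeof hdr);

    hdr.wd = 7; hdr.mask = IN_CREATE; hdr.len = 16;     /* name padded to 16 bytes */
    memcpy(buf + off, &hdr, sizeof hdr); off += sizeof hdr;
    memcpy(buf + off, "probe", 6);       off += hdr.len;

    hdr.mask = IN_IGNORED; hdr.len = 0;
    memcpy(buf + off, &hdr, sizeof hdr); off += sizeof hdr;

    parse_events(buf, (ssize_t)off, 7, &s);
    return s;
}

/* Live run: watch a fresh temp directory (assumed path under /tmp), create and
 * delete a file in it, then remove the directory itself so the kernel sends
 * IN_DELETE_SELF followed by IN_IGNORED for the watch. */
struct watch_summary run_live_demo(void)
{
    struct watch_summary s;
    char dir[] = "/tmp/inotify-demo-XXXXXX";
    char path[sizeof dir + 8];
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    int fd, wd, f;

    memset(&s, 0, sizeof s);
    s.status = -1;
    if (mkdtemp(dir) == NULL)
        return s;
    fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) { rmdir(dir); return s; }
    wd = inotify_add_watch(fd, dir, IN_CREATE | IN_DELETE | IN_DELETE_SELF);
    if (wd < 0) { close(fd); rmdir(dir); return s; }

    snprintf(path, sizeof path, "%s/probe", dir);
    f = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* -> IN_CREATE */
    if (f >= 0) close(f);
    unlink(path);                                        /* -> IN_DELETE */
    rmdir(dir);                                          /* -> IN_DELETE_SELF, then IN_IGNORED */

    /* Drain the queue: the syscalls above queue their events synchronously,
     * so a non-blocking read sees them; EAGAIN means the queue is empty. */
    for (;;) {
        ssize_t len = read(fd, buf, sizeof buf);
        if (len <= 0) break;
        parse_events(buf, len, wd, &s);
    }
    close(fd);
    s.status = 0;
    return s;
}

int main(void)
{
    struct watch_summary s = run_live_demo();
    if (s.status != 0) {
        fprintf(stderr, "inotify demo could not run (no inotify or no writable /tmp)\n");
        return 1;
    }
    printf("events=%d created=%d deleted=%d deleted_self=%d unmounted=%d watch_gone=%d overflow=%d\n",
           s.events, s.created, s.deleted, s.deleted_self, s.unmounted, s.watch_gone, s.overflow);
    return 0;
}
```

The point for a monitoring tool is the tail of the stream: once IN_IGNORED has arrived for a descriptor (whether because the object was deleted or its filesystem unmounted), that descriptor is gone and must be dropped from any wd-to-path table rather than removed again or reused, and IN_Q_OVERFLOW means the record is incomplete and a rescan is needed.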
CHARACTERISTICS
– Identifiers: CVE-2008-5182, DSA 1681-1, VIGILANCE-VUL-8287
– URL: http://vigilance.fr/vulnerability/8287