Kernel Module Loading Vulnerability in BusyBox
CVE-2014-9645 · LOW Severity
AV:L/AC:L/AU:N/C:N/I:P/A:N
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
Learn more about our User Device Pen Test.