Local Root Exploit in Udev

Apr 16, 2009

The udev subsystem allows the Linux kernel, together with a userland program, to manage device nodes dynamically, adding and removing them at will. It has now been revealed that the communication channel between the kernel and that program does not authenticate the sender of its messages, so that local users can assume root privileges.

The kernel's udev subsystem and the userspace udevd daemon communicate over the netlink interface. Unfortunately, udevd does not verify who sent the KOBJECT_UEVENT messages it receives. As a result, normal users can assume read privileges for an arbitrary device. If the device has the major and minor numbers of the root block device, malicious code can then be used to alter the system. A root exploit could then be quite simple for an attacker.

The root exploit was discovered by Sebastian Krahmer of the SUSE Security Team, which had become aware of the CVE-2009-1185 spoofing exposure. The udev “trickery” exploit also points to another vulnerability, the CVE-2009-1186 stack buffer overflow exposure. Unfortunately, MITRE has not released further details on these vulnerabilities. All larger Linux distributions have stated that they are affected, and they are now providing updated packages.
