CVE-2014-9645
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2014-9645
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-9645.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2014-9645
- Related
- Published
- 2017-03-12T06:59:00Z
- Modified
- 2025-04-20T01:37:25Z
- Downstream
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The addprobe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /sndpcm none /" command.
- References
-
- https://security.gentoo.org/glsa/201503-13
- http://openwall.com/lists/oss-security/2015/01/24/4
- http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
- https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
- https://bugs.busybox.net/show_bug.cgi?id=7652
- https://bugzilla.redhat.com/show_bug.cgi?id=1185707
- http://seclists.org/fulldisclosure/2020/Mar/15
- http://www.securityfocus.com/bid/72324
- https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
- https://usn.ubuntu.com/3935-1/
- https://security-tracker.debian.org/tracker/CVE-2014-9645
Affected packages
Debian:11 / busybox
Package
- Name
- busybox
- Purl
- pkg:deb/debian/busybox?arch=source
Debian:12 / busybox
Package
- Name
- busybox
- Purl
- pkg:deb/debian/busybox?arch=source
Debian:13 / busybox
Package
- Name
- busybox
- Purl
- pkg:deb/debian/busybox?arch=source