Brief Description: modload(1) uses system(3) to execute ld.so(1). It doesn't properly restrict the IFS variable.
Detailed Description: modload is a program that loads moldules dynamically into a running kernel. modload uses system to execute ld.so to do the actual dynamic loading. modload does not reset the environment variable IFS to a safe state before it calls system.
Component(s): modload system sh
Version(s): those distributed with the named operating systems
Operating System(s): Solbourne Computer System(trusted source)
Other Information: A user account is required.
Effects:Access to the account of the owner of modload; this must be root, or else the modules could not be loaded into the kernel.
Detecting the Vulnerability:
* Compare versions with those listed in "Vulnerable Systems." If it matches any of those, you are vulnerable.
* Replace ld.so with a shell script or program that prints the current value of IFS. Add the character / to the value of IFS. Run modload and see if the value of IFS in your current environment is printed. If so, you have the vulnerability.
Fixing the Vulnerability:
* Upgrade to a newer version.
* If you have the source code, clean out the environment before calling system.
Keywords:modload, system, sh, IFS
Attack Methods or Tools: Not provided.
Advisories and Other Alerts: CA-93:18; Sun 00124
Related Vulnerabilities: none.
First Report We Know Of: by Mark Kraitchman firstname.lastname@example.org, Peter Shipley
Revisions of Database Record
1. Omar Vanegas(Jul 22, 1998): Entered into DOVES.
2. Mike Dilger(original): Entered into original database.