lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 2 Jul 2017 10:18:06 +0200
From: "Securify B.V." <lists@...urify.nl>
To: bugtraq@...urityfocus.com
Subject: InsomniaX loader allows loading of arbitrary Kernel Extensions

------------------------------------------------------------------------
InsomniaX loader allows loading of arbitrary Kernel Extensions
------------------------------------------------------------------------
Yorick Koster, April 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was found that the loader application bundled with InsomniaX can be
used to load arbitrary Kernel Extensions (kext). The loader is normally
used to load a kext file that is needed to disable the Lid Sleep. A flaw
has been found in the loader that allows a local attacker to load (or
unload) any arbitrary kext file.

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- http://semaja2.net/2017/06/insomniax-security-notice/
- http://semaja2.net/2017/06/thank-you-and-farewell-for-now/

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully verified on InsomniaX version 2.1.8.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available. The author of InsomniaX reports
that InsomniaX is no longer supported. As a workaround, remove the
setuid bit from the loader file. Doing so will prevent users from
disabling the Lid Sleep.

sudo chmod u-s /Applications/InsomniaX.app/Contents/Resources/loader

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170405/insomniax-loader-allows-loading-of-arbitrary-kernel-extensions.html

Powered by blists - more mailing lists