CVE-2011-4124

9.8 CRITICAL

📋 TL;DR

CVE-2011-4124 is a privilege escalation vulnerability in Calibre's Linux mount helper that allows local attackers to execute arbitrary commands with root privileges. The vulnerability exists due to improper input validation when processing mount arguments, enabling argument injection. This affects Linux systems running vulnerable versions of Calibre.

💻 Affected Systems

Products:
  • Calibre
Versions: Prior to 0.8.42
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Linux systems where Calibre is installed with a setuid mount helper. The mount helper is typically installed with setuid root permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full root privileges on the system, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Local user or malicious process escalates privileges to root, potentially installing malware, accessing sensitive data, or modifying system configurations.

🟢 If Mitigated

With proper privilege separation and SELinux/AppArmor enforcement, impact is limited to specific mount operations rather than full root access.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring access to the system, not remotely exploitable.
🏢 Internal Only: HIGH - Any local user or compromised process can exploit this to gain root privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit code is publicly available and trivial to execute. Requires local access to the system but no authentication beyond standard user privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.42 and later

Vendor Advisory: https://bugs.launchpad.net/calibre/+bug/885027

Restart Required: No

Instructions:

1. Update Calibre to version 0.8.42 or later using your package manager.
2. For Ubuntu/Debian: sudo apt-get update && sudo apt-get install calibre
3. For other distributions, use the appropriate package manager or download from calibre-ebook.com.

🔧 Temporary Workarounds

Remove setuid from mount helper (Linux)

Remove setuid permissions from the vulnerable mount helper binary to prevent privilege escalation:

sudo chmod u-s /usr/lib/calibre/calibre-mount-helper

Disable mount helper (Linux)

Remove or rename the mount helper binary to prevent exploitation:

sudo mv /usr/lib/calibre/calibre-mount-helper /usr/lib/calibre/calibre-mount-helper.disabled

🧯 If You Can't Patch

  • Implement strict SELinux or AppArmor policies to restrict the mount helper's capabilities
  • Remove Calibre from production systems or restrict user access to systems with vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check if calibre-mount-helper exists and has setuid bit set: ls -la /usr/lib/calibre/calibre-mount-helper 2>/dev/null | grep '^...s'

Check Version:

calibre --version | head -1

Verify Fix Applied:

Verify Calibre version is 0.8.42 or later: calibre --version | head -1
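
The two checks above combined into one audit script, as an added example that is not part of the original advisory or of Calibre. The helper path and the fixed version 0.8.42 come from this page; the function names are hypothetical, the version strings in the comments are constructed, and reading the version as the first dotted number in the `calibre --version` output is an assumption about its format.

```shell
#!/bin/sh
# Added example: audit a host for the CVE-2011-4124 exposure described on this page.
# Path and fixed version are taken from the page; function names are hypothetical.

HELPER_DEFAULT=/usr/lib/calibre/calibre-mount-helper
FIXED_VERSION=0.8.42

# version_lt A B: succeed when dotted numeric version A is strictly older than B.
# Uses per-field numeric sort so that 0.8.5 is correctly older than 0.8.42.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# helper_is_setuid PATH: succeed when PATH is a regular file with the setuid bit set.
helper_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# assess HELPER_PATH VERSION_OUTPUT: print exactly one verdict word.
#   not-exposed  helper absent or setuid bit removed (the workaround on this page)
#   unknown      setuid helper present but no version could be parsed
#   vulnerable   setuid helper present and version older than 0.8.42
#   patched      setuid helper present and version 0.8.42 or later
assess() {
    # Assumption: the first dotted number in the output is the Calibre version,
    # e.g. a constructed line such as "calibre (calibre 0.8.41)".
    ver=$(printf '%s\n' "$2" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1)
    if ! helper_is_setuid "$1"; then
        echo "not-exposed"
    elif [ -z "$ver" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Audit the local host; calibre may be absent, in which case the output is empty.
assess "$HELPER_DEFAULT" "$(calibre --version 2>/dev/null)"
```

A verdict of `unknown` should be treated as needing manual review, since a setuid helper is present and its version could not be established.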

📡 Detection & Monitoring

Log Indicators:

  • Unusual mount operations via calibre-mount-helper
  • Process execution with unexpected arguments from calibre-mount-helper

Network Indicators:

  • Not applicable - local privilege escalation only

SIEM Query:

process.name:"calibre-mount-helper" AND process.args:*mount* AND process.user:root
