Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 17 Oct 2011 14:32:43 +0200
From: Marcus Meissner <meissner@...e.de>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: CVE request: kernel/AppArmor local denial of service

Hi,

A process can cause itself to Ooops by doing an invalid formatted
write to the process attr/current when the Apparmor security framework
is enabled (even without a apparmor profile).

e.g. by doing "echo 'AAA AAA' > /proc/$$/attr/current"

This will cause a NULL ptr dereference, which oopses the current process and
in connection with kdump or panic on oops will halt the machine.

References:
https://bugs.launchpad.net/apparmor/+bug/789409
https://bugzilla.novell.com/show_bug.cgi?id=717209

Fix is in:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865

This only affected Linux kernel mainline since the introduction of
AppArmor up to and including 3.0-rc2

The SUSE patchset used in our older distribution had a additional NULL
check avoiding the issue.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.