Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 17 Oct 2011 15:14:30 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: kernel/AppArmor local denial of
 service

On Mon, Oct 17, 2011 at 02:32:43PM +0200, Marcus Meissner wrote:
> Hi,
> 
> A process can cause itself to Ooops by doing an invalid formatted
> write to the process attr/current when the Apparmor security framework
> is enabled (even without a apparmor profile).
> 
> e.g. by doing "echo 'AAA AAA' > /proc/$$/attr/current"
> 
> This will cause a NULL ptr dereference, which oopses the current process and
> in connection with kdump or panic on oops will halt the machine.
> 
> References:
> https://bugs.launchpad.net/apparmor/+bug/789409
> https://bugzilla.novell.com/show_bug.cgi?id=717209
> 
> Fix is in:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865
> 
> This only affected Linux kernel mainline since the introduction of
> AppArmor up to and including 3.0-rc2
> 
> The SUSE patchset used in our older distribution had a additional NULL
> check avoiding the issue.
> 
> Ciao, Marcus

Please use CVE-2011-3619.

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.