Date: Mon, 17 Oct 2011 14:32:43 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE request: kernel/AppArmor local denial of service Hi, A process can cause itself to Ooops by doing an invalid formatted write to the process attr/current when the Apparmor security framework is enabled (even without a apparmor profile). e.g. by doing "echo 'AAA AAA' > /proc/$$/attr/current" This will cause a NULL ptr dereference, which oopses the current process and in connection with kdump or panic on oops will halt the machine. References: https://bugs.launchpad.net/apparmor/+bug/789409 https://bugzilla.novell.com/show_bug.cgi?id=717209 Fix is in: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865 This only affected Linux kernel mainline since the introduction of AppArmor up to and including 3.0-rc2 The SUSE patchset used in our older distribution had a additional NULL check avoiding the issue. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.