Date: Mon, 17 Oct 2011 15:14:30 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: kernel/AppArmor local denial of service On Mon, Oct 17, 2011 at 02:32:43PM +0200, Marcus Meissner wrote: > Hi, > > A process can cause itself to Ooops by doing an invalid formatted > write to the process attr/current when the Apparmor security framework > is enabled (even without a apparmor profile). > > e.g. by doing "echo 'AAA AAA' > /proc/$$/attr/current" > > This will cause a NULL ptr dereference, which oopses the current process and > in connection with kdump or panic on oops will halt the machine. > > References: > https://bugs.launchpad.net/apparmor/+bug/789409 > https://bugzilla.novell.com/show_bug.cgi?id=717209 > > Fix is in: > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a5b2c5b2ad5853591a6cac6134cd0f599a720865 > > This only affected Linux kernel mainline since the introduction of > AppArmor up to and including 3.0-rc2 > > The SUSE patchset used in our older distribution had a additional NULL > check avoiding the issue. > > Ciao, Marcus Please use CVE-2011-3619. Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.