Vigil@nce - Linux kernel: denial of service via AppArmor
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When AppArmor is enabled, a local attacker can send malicious data
to attr/current in order to stop the system (denial of service).
Severity: 1/4
Creation date: 17/10/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
AppArmor defines the capabilities and files that a program is
allowed to use.
The /proc/PID/attr/current file is used to read and change the
attributes of a process (PID: Process ID).
When a user tries to change these attributes using malformed data,
the apparmor_setprocattr() function in security/apparmor/lsm.c
logs an error message. However, the aa_audit(AUDIT_APPARMOR_DENIED
...) call that logs it dereferences a NULL pointer.
When AppArmor is enabled, a local attacker can therefore send
malicious data to attr/current, in order to stop the system.
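For triage, the following added example (not part of the Vigil@nce bulletin) scans kernel log lines for NULL pointer dereference oopses and flags those whose frames include both functions named above, along with the process that triggered them. The log excerpt is constructed, and the older oops layout it assumes ("IP:", "Pid: ..., comm: ...", "Call Trace:") may differ on other kernels.

```python
import re

# Functions the bulletin names; an oops containing both fits its description.
BULLETIN_FRAMES = ("aa_audit", "apparmor_setprocattr")
OOPS_START = re.compile(r"BUG: unable to handle kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace [0-9a-f]+ \]---")
# symbol+offset/size, as printed on the "IP:" and "Call Trace:" lines of an oops
SYMBOL = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TASK = re.compile(r"pid: (\d+),? comm: (\S+)", re.IGNORECASE)

# Constructed sample: addresses, PIDs, version and the foo symbols are made up.
SAMPLE_LOG = """\
[  812.100001] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[  812.100009] IP: [<ffffffff812a1b2c>] aa_audit+0x2c/0x100
[  812.100020] Pid: 2143, comm: sh Not tainted X.Y.Z
[  812.100031] Call Trace:
[  812.100040]  [<ffffffff8129f5d0>] apparmor_setprocattr+0x1a0/0x2a0
[  812.100049]  [<ffffffff81266b7d>] security_setprocattr+0x1d/0x20
[  812.100058]  [<ffffffff811d1e8b>] proc_pid_attr_write+0xeb/0x120
[  812.100067] ---[ end trace 3f1c2a9b7d5e4f60 ]---
[  950.200001] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[  950.200009] IP: [<ffffffffa0123456>] foo_ioctl+0x16/0x80 [foo]
[  950.200020] Pid: 3310, comm: foo-tool Not tainted X.Y.Z
[  950.200031] Call Trace:
[  950.200040]  [<ffffffff8118c2d7>] do_vfs_ioctl+0x87/0x340
[  950.200049] ---[ end trace 3f1c2a9b7d5e4f61 ]---
"""

def find_apparmor_oopses(lines):
    """Group NULL-dereference oopses and flag those whose frames match the bulletin."""
    reports, current = [], None
    for lineno, line in enumerate(lines, 1):
        if OOPS_START.search(line):
            if current:                      # previous oops had no end marker
                reports.append(current)
            current = {"line": lineno, "symbols": [], "pid": None, "comm": None}
        elif current is not None:
            current["symbols"] += SYMBOL.findall(line)
            task = TASK.search(line)
            if task:
                current["pid"], current["comm"] = int(task.group(1)), task.group(2)
            if OOPS_END.search(line):
                reports.append(current)
                current = None
    if current:
        reports.append(current)
    for r in reports:
        r["matches_bulletin"] = all(f in r["symbols"] for f in BULLETIN_FRAMES)
    return reports
```

Call `find_apparmor_oopses(SAMPLE_LOG.splitlines())`, or pass the lines of a saved kernel log, and review the entries where `matches_bulletin` is true.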
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-AppArmor-11066