Vigil@nce - Linux kernel : denial of service via EVM
mars 2013 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the system is configured with EVM, a local attacker can use a
Unix socket, in order to stop the system.
Impacted products : Linux
Severity : 2/4
Creation date : 21/02/2013
DESCRIPTION OF THE VULNERABILITY
The EVM (Extended Verification Module) feature checks if files
were not altered.
A Unix socket can be used by two processes to exchange
information. It uses a special file. When the fchmod() function is
called on this file, the evm_update_evmxattr() function of the
security/integrity/evm/evm_crypto.c file is called. However, as
this file is a Unix socket, it does not have a removexattr
attribute. A NULL pointer is then dereferenced.
When the system is configured with EVM, a local attacker can
therefore use a Unix socket, in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-EVM-12444