Vigil@nce: Linux kernel, invalid configuration of IMA LSM
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
In some cases, the Integrity Measurement Architecture
configuration is invalid, so a local attacker can freely alter a
file.
– Severity: 1/4
– Creation date: 07/01/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The IMA (Integrity Measurement Architecture) LSM (Linux Security
Module) uses the SHA1 hash of important system files, in order to
check their integrity.
In some cases, the security_filter_rule_init() function returns an
empty rule. Then, the ima_lsm_rule_init() function of the
security/integrity/ima/ima_policy.c file ignores following rules.
The Integrity Measurement Architecture configuration is thus
incorrectly applied.
A local attacker can therefore freely alter a file, even if IMA is
used.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-invalid-configuration-of-IMA-LSM-10256