Linux Kernel SELinux Module Tracer SID Local DoS

2006-05-04T07:03:10
ID OSVDB:25232
Type osvdb
Reporter Stephen Smalley(sds@tycho.nsa.gov)
Modified 2006-05-04T07:03:10

Description

Vulnerability Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when 'selinux_ptrace' is used to trace a process. The SID that is set while doing so might be replaced later on accessing certain '/proc' files relating to that process, potentially allowing the owner of the original process to enter the other process' domain. This can result in unauthorised access to the target domain, but appears to be more likely to result in a kernel panic and hence in a loss of availability for the platform.

Solution Description

Upgrade to version 2.6.16-rc6 or higher, as it has been reported to fix this vulnerability. For Ubuntu users, the problem can be corrected by upgrading the affected package to version 2.6.10-34.17 (for Ubuntu 5.04) or 2.6.12-10.32 (for Ubuntu 5.10). An upgrade is required as there are no known workarounds.

Short Description

The Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when 'selinux_ptrace' is used to trace a process. The SID that is set while doing so might be replaced later on accessing certain '/proc' files relating to that process, potentially allowing the owner of the original process to enter the other process' domain. This can result in unauthorised access to the target domain, but appears to be more likely to result in a kernel panic and hence in a loss of availability for the platform.

References:

Vendor Specific News/Changelog Entry: http://www.ubuntu.com/usn/usn-281-1 Vendor Specific News/Changelog Entry: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=341c2d806b71cc3596afeb2d9bd26cd718e75202 Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:19330 Secunia Advisory ID:22417 Secunia Advisory ID:20157 Secunia Advisory ID:21465 Secunia Advisory ID:22093 Secunia Advisory ID:19955 RedHat RHSA: RHSA-2006:0575 Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1184 Mail List Post: http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2 CVE-2006-1052 Bugtraq ID: 17830