CVE-2011-3619

2011-10-1700:00:00

ubuntu.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux
kernel before 3.0 does not properly handle invalid parameters, which allows
local users to cause a denial of service (NULL pointer dereference and
OOPS) or possibly have unspecified other impact by writing to a
/proc/#####/attr/current file.

Bugs

Notes

Author	Note
apw	this was introduced in the version of apparmour in maverick and has already been fixed after that

OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchlinux< 2.6.35-32.66UNKNOWN
ubuntu11.04noarchlinux< 2.6.38-11.47UNKNOWN
ubuntu10.04noarchlinux-lts-backport-maverick< 2.6.35-32.66~lucid1UNKNOWN
ubuntu10.04noarchlinux-lts-backport-natty< 2.6.38-11.49~lucid1UNKNOWN
ubuntu10.10noarchlinux-ti-omap4< 2.6.35-903.31UNKNOWN
ubuntu11.04noarchlinux-ti-omap4< 2.6.38-1209.22UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.10	noarch	linux	< 2.6.35-32.66	UNKNOWN
ubuntu	11.04	noarch	linux	< 2.6.38-11.47	UNKNOWN
ubuntu	10.04	noarch	linux-lts-backport-maverick	< 2.6.35-32.66~lucid1	UNKNOWN
ubuntu	10.04	noarch	linux-lts-backport-natty	< 2.6.38-11.49~lucid1	UNKNOWN
ubuntu	10.10	noarch	linux-ti-omap4	< 2.6.35-903.31	UNKNOWN
ubuntu	11.04	noarch	linux-ti-omap4	< 2.6.38-1209.22	UNKNOWN