Bug 995594 - (CVE-2016-1585) VUL-0: CVE-2016-1585: apparmor: mount rules grant excessive permissions
(CVE-2016-1585)
VUL-0: CVE-2016-1585: apparmor: mount rules grant excessive permissions
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Goldwyn Rodrigues
Security Team bot
https://smash.suse.de/issue/172158/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-25 14:40 UTC by Marcus Meissner
Modified: 2017-07-13 22:35 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-08-25 14:40:26 UTC
CVE-2016-1585

The rule
  mount options=(rw,make-slave) -> **,

ends up allowing
  mount -t proc proc /mnt

which it shouldn't as it should be restricted to commands with a make-slave flag

References:
https://bugs.launchpad.net/apparmor/%2Bbug/1597017
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1585
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1585.html
Comment 1 Marcus Meissner 2016-08-25 14:41:22 UTC
not sure which parser versions even allow that, its probably not in the older ones.
Comment 2 Marcus Meissner 2016-08-25 14:46:14 UTC
seems to have been introduced in 2.8 . that would make sle12 and opensuse affected.
Comment 3 Christian Boltz 2016-08-25 15:51:36 UTC
The kernel code to handle mount rules is currently only in the Ubuntu kernel (not upstream, also not in openSUSE). Therefore I doubt we are affected because apparmor_parser will only honor mount rules if the kernel supports them.

Nevertheless I'M CC'ing John Johansen (one of the upstream developers who focuses on apparmor_parser and the AppArmor kernel code) - John, please correct me if the above is wrong ;-)
Comment 4 Swamp Workflow Management 2016-08-25 22:00:24 UTC
bugbot adjusting priority
Comment 5 Johannes Segitz 2017-07-13 15:21:17 UTC
.