oss-sec mailing list archives
CVE Request: Linux kernel: SELinux local DoS
From: P J P <ppandit () redhat com>
Date: Thu, 6 Feb 2014 23:14:23 +0530 (IST)
Hello,

Linux kernel built with the NSA SELinux Support (CONFIG_SECURITY_SELINUX) is vulnerable to a crash caused by an empty SELinux security context. When a file has an empty security context, listing it via 'ls(1)' could trigger this crash. Only users/processes with CAP_MAC_ADMIN privileges are allowed to set the SELinux security context of a file.
A user/process with CAP_MAC_ADMIN privileges could use this flaw to crash the kernel, resulting in a DoS.

Upstream fix:
-------------
  -> http://marc.info/?l=selinux&m=139110025203759&w=2

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1062356

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team