Ubuntu AppArmor CVE-2017-6507 Security Bypass Vulnerability

Ubuntu AppArmor is prone to a security-bypass vulnerability.

An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

Versions prior to Ubuntu AppArmor prior to 2.12 are vulnerable.

Information

Bugtraq ID: 97223
Class: Design Error
CVE: CVE-2017-6507

Remote: Yes
Local: No
Published: Mar 29 2017 12:00AM
Updated: Apr 17 2017 03:07PM
Credit: Stéphane Graber
Vulnerable: Ubuntu Ubuntu Linux 16.10
Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu AppArmor 2.10
openSUSE Leap 42.2
openSUSE Leap 42.1

Not Vulnerable: Ubuntu AppArmor 2.12

References:

• AppArmor Homepage (Kees Cook)
  
• ~apparmor-dev/apparmor/master (launchpad)
  
• CVE-2017-6507 (canonical)
  
• CVE-2017-6507: apparmor service restarts and package upgrades unload privately m (launchpad)
  
• Viewing all changes in revision 3647. (launchpad)
  

Source: www.securityfocus.com