Bug 749243 (CVE-2011-4080)

Summary: CVE-2011-4080 kernel: sysctl: restrict write access to dmesg_restrict
Product: [Other] Security Response
Reporter: Petr Matousek <pmatouse>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: arozansk, bhu, dhoward, fhrbata, jkacur, jlieskov, jrieden, kernel-mgr, lgoncalv, lwang, nobody, plougher, rt-maint, vgoyal, williams
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-08-22 06:11:11 UTC
Bug Depends On: 749246, 749247, 749248, 749251, 749252, 749259, 761389
Bug Blocks: 740604

Description Petr Matousek 2011-10-26 14:54:19 UTC
When dmesg_restrict is set to 1, CAP_SYS_ADMIN is needed to read the kernel ring buffer. But a root user without CAP_SYS_ADMIN is able to reset dmesg_restrict to 0.

This is an issue when e.g. LXC (Linux Containers) are used and complete user space is running without CAP_SYS_ADMIN. An unprivileged and jailed root user can bypass the dmesg_restrict protection.

Introduced by:
eaf06b241b091357e72b76863ba16e89610d31bd

Fixed by:
bfdc0b497faa82a0ba2f9dddcf109231dd519fcc
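
A defender-side regression check for the condition described above, as an added example that is not part of the original bug report or of the kernel fix. Run from inside the confined context, it reads CapEff from /proc/self/status, writes the current dmesg_restrict value back unchanged, and classifies the outcome. The function names and the sample status text are constructed for illustration.

```python
import errno

CAP_SYS_ADMIN = 21  # bit index of CAP_SYS_ADMIN in the CapEff mask

# Constructed sample: /proc/self/status excerpt for a container root whose
# effective set has every capability except CAP_SYS_ADMIN.
SAMPLE_STATUS = "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t0000001fffdfffff\n"


def has_cap_sys_admin(status_text):
    """True if the CapEff line of /proc/<pid>/status includes CAP_SYS_ADMIN."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool(int(line.split()[1], 16) & (1 << CAP_SYS_ADMIN))
    raise ValueError("no CapEff line in status text")


def probe_write(path):
    """Write the sysctl's current value back unchanged; report if it was allowed."""
    with open(path) as f:
        value = f.read().strip()
    try:
        with open(path, "w") as f:
            f.write(value + "\n")  # same value, so the setting never changes
    except OSError as e:
        if e.errno in (errno.EPERM, errno.EACCES, errno.EROFS):
            return value, "denied"
        raise
    return value, "accepted"


def assess(status_text, value, write_result):
    """Classify the confinement with respect to dmesg_restrict."""
    if value != "1":
        return "unrestricted"   # ring buffer readable without CAP_SYS_ADMIN
    if has_cap_sys_admin(status_text):
        return "inconclusive"   # run inside the context that lacks the capability
    if write_result == "accepted":
        return "exposed"        # confined root could switch the restriction off
    return "protected"          # write refused, as the fix intends


if __name__ == "__main__":
    with open("/proc/self/status") as f:
        status = f.read()
    value, result = probe_write("/proc/sys/kernel/dmesg_restrict")
    print(assess(status, value, result))
```

A result of "exposed" from a root process without CAP_SYS_ADMIN indicates a kernel without the fix; "denied" can also come from a read-only /proc/sys mount, which blocks the write independently of the kernel check.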

Comment 3 Petr Matousek 2011-10-26 15:04:53 UTC
Statement:

Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.

Comment 4 Petr Matousek 2011-10-26 15:15:57 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 749259]

Comment 5 Jan Lieskovsky 2011-10-27 09:13:26 UTC
The CVE identifier of CVE-2011-4080 has been assigned to this issue:
[1] http://www.openwall.com/lists/oss-security/2011/10/26/10

Comment 6 Eugene Teo (Security Response) 2011-10-28 03:54:36 UTC
(In reply to comment #5)
> The CVE identifier of CVE-2011-4080 has been assigned to this issue:
> [1] http://www.openwall.com/lists/oss-security/2011/10/26/10

And rejected. Removed CVE from the bugs.

Comment 7 Vincent Danen 2015-08-22 06:11:11 UTC
This was fixed in RHSA-2012:0481 and RHBA-2012:0361.

https://rhn.redhat.com/errata/RHBA-2012-0361.html (RHEL 5)
https://rhn.redhat.com/errata/RHSA-2012-0481.html (RHEL 6)