Bug 749243 – CVE-2011-4080 kernel: sysctl: restrict write access to dmesg_restrict

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 749243 - (CVE-2011-4080) CVE-2011-4080 kernel: sysctl: restrict write access to dmesg_restrict

Summary:	CVE-2011-4080 kernel: sysctl: restrict write access to dmesg_restrict

Status:	CLOSED ERRATA

Aliases:	CVE-2011-4080

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20110323,reported=2...
Keywords:	Security

Depends On:	749246 749247 749248 749251 749252 749259 761389
Blocks:	740604
	Show dependency tree / graph

Reported:	2011-10-26 10:54 EDT by Petr Matousek
Modified:	2015-08-22 02:11 EDT (History)
CC List:	15 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-08-22 02:11:11 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Petr Matousek 2011-10-26 10:54:19 EDT

When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the kernel ring buffer.  But a root user without CAP_SYS_ADMIN is able to reset dmesg_restrict to 0.

This is an issue when e.g.  LXC (Linux Containers) are used and complete user space is running without CAP_SYS_ADMIN.  A unprivileged and jailed root user can bypass the dmesg_restrict protection.

Introduced by:
eaf06b241b091357e72b76863ba16e89610d31bd

Fixed by:
bfdc0b497faa82a0ba2f9dddcf109231dd519fcc

Comment 3 Petr Matousek 2011-10-26 11:04:53 EDT

Statement:

Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance
life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore
the fix for this issue is not currently planned to be included in the future
updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.

Comment 4 Petr Matousek 2011-10-26 11:15:57 EDT

Created kernel tracking bugs for this issue

Affects: fedora-all [bug 749259]

Comment 5 Jan Lieskovsky 2011-10-27 05:13:26 EDT

The CVE identifier of CVE-2011-4080 has been assigned to this issue:
[1] http://www.openwall.com/lists/oss-security/2011/10/26/10

Comment 6 Eugene Teo (Security Response) 2011-10-27 23:54:36 EDT

(In reply to comment #5)
> The CVE identifier of CVE-2011-4080 has been assigned to this issue:
> [1] http://www.openwall.com/lists/oss-security/2011/10/26/10

And rejected. Removed CVE from the bugs.

Comment 7 Vincent Danen 2015-08-22 02:11:11 EDT

This was fixed in RHSA-2012:0481 and RHBA-2012:0361.

https://rhn.redhat.com/errata/RHBA-2012-0361.html (RHEL 5)
https://rhn.redhat.com/errata/RHSA-2012-0481.html (RHEL 6)

Note You need to log in before you can comment on or make changes to this bug.