Search criteria
2 vulnerabilities by apparmor
CVE-2016-1585 (GCVE-0-2016-1585)
Vulnerability from cvelistv5 – Published: 2019-04-22 15:35 – Updated: 2024-09-16 23:36
VLAI?
Title
AppArmor mount rules grant excessive permissions
Summary
In all versions of AppArmor mount rules are accidentally widened when compiled.
Severity ?
CWE
- Improper translation of access control rules to policy.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apparmor/+bug/1597017"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apparmor",
"vendor": "AppArmor",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all versions of AppArmor mount rules are accidentally widened when compiled."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper translation of access control rules to policy.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-25T16:06:47",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apparmor/+bug/1597017"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/apparmor/+bug/1597017"
],
"discovery": "UNKNOWN"
},
"title": "AppArmor mount rules grant excessive permissions",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2016-06-28T00:00:00.000Z",
"ID": "CVE-2016-1585",
"STATE": "PUBLIC",
"TITLE": "AppArmor mount rules grant excessive permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apparmor",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "AppArmor"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions of AppArmor mount rules are accidentally widened when compiled."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper translation of access control rules to policy."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/apparmor/+bug/1597017",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apparmor/+bug/1597017"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/apparmor/+bug/1597017"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2016-1585",
"datePublished": "2019-04-22T15:35:59.573205Z",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-09-16T23:36:50.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6507 (GCVE-0-2017-6507)
Vulnerability from cvelistv5 – Published: 2017-03-24 06:56 – Updated: 2024-08-05 15:33
VLAI?
Summary
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648"
},
{
"name": "97223",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97223"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6507.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apparmor/+bug/1668892"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle \u0027restart\u0027 operations removing AppArmor profiles that aren\u0027t found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what\u0027s done by LXD and Docker, are affected by this flaw in the AppArmor init script logic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-31T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648"
},
{
"name": "97223",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97223"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6507.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/apparmor/+bug/1668892"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle \u0027restart\u0027 operations removing AppArmor profiles that aren\u0027t found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what\u0027s done by LXD and Docker, are affected by this flaw in the AppArmor init script logic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648",
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648"
},
{
"name": "97223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97223"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6507.html",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6507.html"
},
{
"name": "https://bugs.launchpad.net/apparmor/+bug/1668892",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/apparmor/+bug/1668892"
},
{
"name": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647",
"refsource": "CONFIRM",
"url": "http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6507",
"datePublished": "2017-03-24T06:56:00",
"dateReserved": "2017-03-07T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}