openSUSE 10 Security Update : apparmor (apparmor-1842)

High Nessus Plugin ID 27153


The remote openSUSE host is missing a security update.


This update fixes security problems in the AppArmor confinment technology.

Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.

- If a profile allowed unconfined execution ('ux') of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confiment.

We have added new flag 'Ux' (and 'Px' for 'px') which makes the executed child clear the most critical environment variables (similar to setuid programs).
Special care needs to be taken nevertheless that this interaction between parent and child programs can not be exploited in other ways to gain the rights of the child process.

- If a resource is marked as 'r' in the profile it was possible to use mmap with PROT_EXEC flag set to load this resource as executable piece of code, making it effectively 'ix'.

This could be used by a coordinated attack between two applications to potentially inject code into the reader.

To allow mmap() executable access, supply the 'm' flag to the applications profile.

Please also review the updated documentation.


Update the affected apparmor packages.

Plugin Details

Severity: High

ID: 27153

File Name: suse_apparmor-1842.nasl

Version: $Revision: 1.8 $

Type: local

Agent: unix

Published: 2007/10/17

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:apparmor-admin_en, p-cpe:/a:novell:opensuse:apparmor-parser, p-cpe:/a:novell:opensuse:apparmor-profiles, p-cpe:/a:novell:opensuse:apparmor-utils, p-cpe:/a:novell:opensuse:audit, p-cpe:/a:novell:opensuse:audit-devel, p-cpe:/a:novell:opensuse:audit-libs, p-cpe:/a:novell:opensuse:yast2-apparmor, cpe:/o:novell:opensuse:10.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2006/07/17