openSUSE 10 Security Update : apparmor (apparmor-1842)
High Nessus Plugin ID 27153
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update fixes security problems in the AppArmor confinment technology.
Since it adds new flags to the profile syntax, you likely should review and adapt your profiles.
- If a profile allowed unconfined execution ('ux') of a child binary it was possible to inject code via LD_PRELOAD or similar environment variables into this child binary and execute code without confiment.
We have added new flag 'Ux' (and 'Px' for 'px') which makes the executed child clear the most critical environment variables (similar to setuid programs).
Special care needs to be taken nevertheless that this interaction between parent and child programs can not be exploited in other ways to gain the rights of the child process.
- If a resource is marked as 'r' in the profile it was possible to use mmap with PROT_EXEC flag set to load this resource as executable piece of code, making it effectively 'ix'.
This could be used by a coordinated attack between two applications to potentially inject code into the reader.
To allow mmap() executable access, supply the 'm' flag to the applications profile.
Please also review the updated documentation.
SolutionUpdate the affected apparmor packages.