CVE-2017-6507

Publication date 24 March 2017

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

5.9 · Medium

Score breakdown

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.

Status

Package Ubuntu Release Status
apparmor 17.04 zesty
Fixed 2.11.0-2ubuntu3
16.10 yakkety
Fixed 2.10.95-4ubuntu5.3
16.04 LTS xenial
Fixed 2.10.95-0ubuntu2.6
14.04 LTS trusty
Fixed 2.10.95-0ubuntu2.6~14.04.1
12.04 LTS precise
Fixed 2.7.102-0ubuntu3.11

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
apparmor

Severity score breakdown

Parameter Value
Base score 5.9 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

Related Ubuntu Security Notices (USN)

Other references