James Morris - SELinux blocks CVE-2006-3626 (local privilege escalation)
Joshua Brindle has analyzed the recent /proc local privilege escalation vulnerability, CVE-2006-3626, and posted that SELinux targeted policy prevents exploitation.
It'd be an interesting and useful exercise to go back through historical vulnerabilities and determine how many of them would be mitigated by SELinux and similar technologies (Exec-shield, PIE etc.).
Mark Cox wrote an interesting paper, Risk Report: A year of Red Hat Enterprise Linux 4, which mentions that SELinux blocked the Lupper worm (also noting that the policy version shipped by default would not have blocked a modified version of the worm).
SELinux mitigation confirmed by SANS. They also mention mounting /proc as nosuid as a workaround.
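To check whether the nosuid workaround is in place, the following added example (not from the original post or from SANS) audits a mounts table in /proc/mounts format and lists every procfs mount that lacks nosuid. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Audit procfs mounts for the nosuid option (the workaround mentioned above).
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass
# Mount points containing spaces appear there as \040, so each is one word.

# Print the mount point of every procfs mount that lacks nosuid.
# $1: path to a mounts table (defaults to /proc/mounts).
proc_mounts_missing_nosuid() {
    awk '$3 == "proc" {
        n = split($4, opts, ",")
        found = 0
        for (i = 1; i <= n; i++) if (opts[i] == "nosuid") found = 1
        if (!found) print $2
    }' "${1:-/proc/mounts}"
}

# Constructed sample table: one procfs mount without nosuid, one with it,
# and a non-proc filesystem whose options must be ignored.
write_sample_mounts() {
    cat > "$1" <<'EOF'
proc /proc proc rw 0 0
proc /var/chroot/proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda1 / ext3 rw 0 0
EOF
}

# Report each non-compliant procfs mount with the remount command that
# applies the workaround. Returns 1 if any mount lacks nosuid.
audit_proc_nosuid() {
    missing=$(proc_mounts_missing_nosuid "$1")
    if [ -z "$missing" ]; then
        echo "all procfs mounts have nosuid"
        return 0
    fi
    for mp in $missing; do
        echo "procfs at $mp lacks nosuid; fix: mount -o remount,nosuid $mp"
    done
    return 1
}
```

Calling `audit_proc_nosuid` with no argument checks the running system; chroot environments often carry their own procfs mount, which is why every mount of type proc is checked rather than only /proc.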
Date: July 16th, 2006 03:33 am (UTC)
Mildly ironic that it was introduced by Stephen Smalley...
From what I can tell, it looks like he was trying to fix a broken patch submitted by someone else, and further modified it based on someone else's suggestions. It was reviewed by others including Andrew Morton. Ironic I guess but not exactly surprising for an SELinux developer to be involved in this area of the kernel, and that everyone makes mistakes.