Bug 726772 (CVE-2011-4080) - VUL-0: CVE-2011-4080: kernel: sysctl: restrict write access to dmesg_restrict
Summary: VUL-0: CVE-2011-4080: kernel: sysctl: restrict write access to dmesg_restrict
Status: RESOLVED FIXED
Alias: CVE-2011-4080
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-27 07:16 UTC by Ludwig Nussel
Modified: 2017-04-04 17:58 UTC (History)
3 users (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-10-27 07:16:15 UTC 
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2011-4080

------------------------------------------------------------------------------
Date: Wed, 26 Oct 2011 17:16:12 +0200
From: Petr Matousek <pmatouse@redhat.com>
Subject: [oss-security] CVE Request -- kernel: sysctl: restrict write access to
 dmesg_restrict

When dmesg_restrict is set to 1 CAP_SYS_ADMIN is needed to read the
kernel ring buffer. But a root user without CAP_SYS_ADMIN is able
to reset dmesg_restrict to 0.

This is an issue when e.g.  LXC (Linux Containers) are used and complete
user space is running without CAP_SYS_ADMIN.  A unprivileged and jailed
root user can bypass the dmesg_restrict protection.

Introduced by:
eaf06b241b091357e72b76863ba16e89610d31bd

Fixed by:
bfdc0b497faa82a0ba2f9dddcf109231dd519fcc

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
Comment 1 Ludwig Nussel 2011-10-27 13:53:50 UTC 
questionable because there are many other sysctl settings that are writable too
Comment 2 Michal Hocko 2011-10-31 09:39:23 UTC 
Knob introduced in .37 kernel.
Doesn't affect any SLES*-TD branch.
Comment 4 Michal Marek 2012-01-25 15:39:00 UTC 
openSUSE-11.4 kernel 2.6.37.6-0.5 had this fix, newer products were released with a fixed kernel already.
Comment 5 Marcus Meissner 2012-01-25 16:19:06 UTC 
so done i think. dmesg_resdtrict wont be backported