Lucene search

MitreCVE-2017-6507

HistoryMar 24, 2017 - 7:59 a.m.

CVE-2017-6507

2017-03-2407:59:00

CWE-269

mitre

web.nvd.nist.gov

apparmor

cve-2017-6507

security

vulnerability

attack surface

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

59.7%

JSON

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle ‘restart’ operations removing AppArmor profiles that aren’t found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what’s done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.

Affected configurations

Nvd

Node

apparmorapparmorRange≤2.11

Node

canonicalubuntu_coreMatch15.04

canonicalubuntu_touchMatch15.04

VendorProductVersionCPE
apparmorapparmor*cpe:2.3:a:apparmor:apparmor:*:*:*:*:*:*:*:*
canonicalubuntu_core15.04cpe:2.3:o:canonical:ubuntu_core:15.04:*:*:*:*:*:*:*
canonicalubuntu_touch15.04cpe:2.3:o:canonical:ubuntu_touch:15.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apparmor	apparmor	*	cpe:2.3:a:apparmor:apparmor::::::::
canonical	ubuntu_core	15.04	cpe:2.3:o:canonical:ubuntu_core:15.04:::::::*
canonical	ubuntu_touch	15.04	cpe:2.3:o:canonical:ubuntu_touch:15.04:::::::*