Bug 20553

Summary: Local user can increase his privileges (CVE-2017-2636)
Product: Mageia
Reporter: Marja Van Waes <marja11>
Component: Security
Assignee: Thomas Backlund <tmb>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: makowski.mageia
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1428319
Whiteboard:
Source RPM:
CVE:
Status comment:
Bug Depends on: 20527, 20528, 20529    
Bug Blocks:    

Description Marja Van Waes 2017-03-22 11:22:34 CET
I don't know whether we should worry about CVE-2017-2636, filing this bug in case we should.

A Dutch tech website is blaming Linux distros for being slow to fix the issue.
I don't know whether the issue is as bad as they think, but ticking the "secteam" box in case they are.

They claim as good as all distros which have "CONFIG_N_HDLC=m" in their kernel config are affected.


$ grep "CONFIG_N_HDLC=m" /boot/config-4.9.16-desktop-2.mga6 
CONFIG_N_HDLC=m
[marja@localhost ~]$
Marja Van Waes 2017-03-22 15:07:25 CET

CC: (none) => makowski.mageia
See Also: (none) => https://bugzilla.redhat.com/show_bug.cgi?id=1428319

Comment 1 Philippe Makowski 2017-03-22 16:28:11 CET
According to Red Hat:
Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b

and Mitigation:

The n_hdlc kernel module will be automatically loaded when an application attempts to use the HDLC line discipline from userspace. This module can be prevented from being loaded by using the system-wide modprobe rules. The following command, run as root, will prevent accidental or intentional loading of the module. Red Hat Product Security believe this method is a robust method to prevent accidental loading of the module, even by privileged users.

# echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf
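
A check that the mitigation quoted above is actually in effect, as an added example that is not part of the original comment or of Red Hat's advisory. The function names and status words are hypothetical, and the three paths are parameters so it can be pointed at a live system or at a mounted image.

```shell
#!/bin/sh
# Added example: report whether the n_hdlc modprobe mitigation is in effect.

# 0 if the kernel config builds n_hdlc as a loadable module (CONFIG_N_HDLC=m).
config_has_n_hdlc_module() {
    grep -q '^CONFIG_N_HDLC=m$' "$1" 2>/dev/null
}

# 0 if a *.conf file in the given directory overrides loading of n_hdlc
# with an "install n_hdlc /bin/true" (or /bin/false) rule.
# Only the directory passed in is searched.
modprobe_blocks_n_hdlc() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+n_hdlc[[:space:]]+/bin/(true|false)[[:space:]]*$' "$1"/*.conf
}

# 0 if the module is already resident. An install rule only affects
# future load attempts; it does not unload a module that is in memory.
n_hdlc_loaded() {
    grep -q '^n_hdlc ' "$1" 2>/dev/null
}

# Prints one of:
#   not-modular  config does not have CONFIG_N_HDLC=m, so the rule does not apply
#   loaded       module is resident right now
#   blocked      module is built, not resident, and the install rule is present
#   loadable     module is built and nothing prevents it from being loaded
n_hdlc_status() {
    config=$1 modprobe_dir=$2 proc_modules=$3
    if ! config_has_n_hdlc_module "$config"; then
        echo not-modular
    elif n_hdlc_loaded "$proc_modules"; then
        echo loaded
    elif modprobe_blocks_n_hdlc "$modprobe_dir"; then
        echo blocked
    else
        echo loadable
    fi
}

# Live-system use:
#   n_hdlc_status "/boot/config-$(uname -r)" /etc/modprobe.d /proc/modules
```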
Comment 2 Thomas Backlund 2017-03-22 18:48:22 CET
Yes, Cauldron is fixed as of kernel 4.9.15

Mga5 kernel 4.4 series is fixed upstream as of 4.4.54

I have 4.4.55-1 sets assigned to QA since 2017-03-19

https://bugs.mageia.org/show_bug.cgi?id=20527
https://bugs.mageia.org/show_bug.cgi?id=20528
https://bugs.mageia.org/show_bug.cgi?id=20529
Comment 3 Marja Van Waes 2017-03-22 19:14:49 CET
(In reply to Thomas Backlund from comment #2)
> Yes, Cauldron is fixed as of kernel 4.9.15
> 
> Mga5 kernel 4.4 series is fixed upstream as of 4.4.54
> 
> I have 4.4.55-1 sets assigned to QA since 2017-03-19
> 
> https://bugs.mageia.org/show_bug.cgi?id=20527
> https://bugs.mageia.org/show_bug.cgi?id=20528
> https://bugs.mageia.org/show_bug.cgi?id=20529

Thanks, Thomas :-)

Version: Cauldron => 5
Depends on: (none) => 20527, 20528, 20529

Comment 4 Thomas Backlund 2017-03-25 21:17:24 CET
Mga5 kernels now pushed

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 Marja Van Waes 2017-07-11 14:12:17 CEST
This got fixed long ago, there's no need to keep this report hidden. So removing the tick that made it only visible to secteam.

Group: secteam => (none)