20553 – Local user can increase his privileges (CVE-2017-2636)

Bug 20553 - Local user can increase his privileges (CVE-2017-2636)

Summary: Local user can increase his privileges (CVE-2017-2636)

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Thomas Backlund
QA Contact:	Sec team

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:

Depends on:	20527 20528 20529
Blocks:
	Show dependency tree / graph

Reported:	2017-03-22 11:22 CET by Marja Van Waes
Modified:	2017-07-11 14:12 CEST (History)
CC List:	1 user (show)

See Also:	https://bugzilla.redhat.com/show_bug.cgi?id=1428319
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marja Van Waes 2017-03-22 11:22:34 CET

I don't know whether we should worry about CVE-2017-2636, filing this bug in case we should.

A Dutch tech website is blaming Linux distros for being slow to fix the issue.
I don't know whether the issue is as bad as they think, but ticking the "secteam" box in case they are.

They claim as good as all distros which have "CONFIG_N_HDLC=m" in their kernel config are affected.


$ grep "CONFIG_N_HDLC=m" /boot/config-4.9.16-desktop-2.mga6 
CONFIG_N_HDLC=m
[marja@localhost ~]$

Marja Van Waes 2017-03-22 15:07:25 CET

CC: (none) => makowski.mageia
See Also: (none) => https://bugzilla.redhat.com/show_bug.cgi?id=1428319

Comment 1 Philippe Makowski 2017-03-22 16:28:11 CET

according to RedHat :
Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=82f2341c94d270421f383641b7cd670e474db56b

and Mitigation:

The  n_hdlc kernel module will be automatically loaded when an application  attempts to use the HDLC line discipline from userspace.  This module  can be prevented from being loaded by using the system-wide modprobe  rules. The following command, run as root, will prevent accidental or  intentional loading of the module.  Red Hat Product Security believe  this method is a robust method to prevent accidental loading of the  module, even by privileged users.

â# echo "install n_hdlc /bin/true" >> /etc/modprobe.d/disable-n_hdlc.conf

Comment 2 Thomas Backlund 2017-03-22 18:48:22 CET

Yes, Cauldron is fixed as of kernel 4.9.15

Mga5 kernel 4.4 series is fixed upstream as of 4.4.54

I have  4.4.55-1 sets assigned to QA since 2017-03-19

https://bugs.mageia.org/show_bug.cgi?id=20527
https://bugs.mageia.org/show_bug.cgi?id=20528
https://bugs.mageia.org/show_bug.cgi?id=20529

Comment 3 Marja Van Waes 2017-03-22 19:14:49 CET

(In reply to Thomas Backlund from comment #2)
> Yes, Cauldron is fixed as of kernel 4.9.15
> 
> Mga5 kernel 4.4 series is fixed upstream as of 4.4.54
> 
> I have  4.4.55-1 sets assigned to QA since 2017-03-19
> 
> https://bugs.mageia.org/show_bug.cgi?id=20527
> https://bugs.mageia.org/show_bug.cgi?id=20528
> https://bugs.mageia.org/show_bug.cgi?id=20529

Thanks, Thomas :-)

Version: Cauldron => 5
Depends on: (none) => 20527, 20528, 20529

Comment 4 Thomas Backlund 2017-03-25 21:17:24 CET

Mga5 kernels now pushed

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 Marja Van Waes 2017-07-11 14:12:17 CEST

This got fixed long ago, there's no need to keep this report hidden. So removing the tick that made it only visible to secteam.

Group: secteam => (none)

Note You need to log in before you can comment on or make changes to this bug.