118535 – circumventing protection of files flagged immutable (CVE-2005-4351)

Bug 118535 - circumventing protection of files flagged immutable (CVE-2005-4351)

Summary: circumventing protection of files flagged immutable (CVE-2005-4351)

Status:	RESOLVED CANTFIX

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-01-10 07:50 UTC by kfm
Modified:	2009-05-03 15:59 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description kfm 2006-01-10 07:50:34 UTC

Hi. I'm filing this because, according to an advisory from redteam-pentesting.de, it is possible to place "an arbitrary file
at the location of an immutable file, without changing the immutable
file itself." This is stated to be a weakness of the BSD securelevels mechanism and allegedly all kernels up to and including 2.6.15 are affected (presumably when  SECURITY_SECLVL is enabled).

For further details please see:

* http://redteam-pentesting.de/advisories/rt-sa-2005-015.txt
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4351

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2006-03-11 11:29:31 UTC

Greg -- know if this issue has been fixed?

Comment 2 Greg Kroah-Hartman (RETIRED) gentoo-dev

2006-03-11 13:53:15 UTC

Nope, and it doesn't look like the kernel security levels person cares about
it, and as no one uses it, I wouldn't really worry about it.

Hope this helps.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2006-03-11 13:54:26 UTC

Thanks Greg -- guess we can close this one as UPSTREAM then.

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2009-05-03 15:59:23 UTC

reopen to change resolution type