NVD

Id
83784  
Name
CVE-2017-6507  
Description
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-04-27  
Published
2017-03-24  
Modified Date
2017-03-31  
Seq
2017-6507  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66412 JVNDB-2017-002750 AppArmor におけるアクセス制御に関する脆弱性 AppArmor には、アクセス制御に関する脆弱性が存在します。 CVE-2017-6507 0 CVE-2017-6507 83784 4.3 5.9 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-002750.html 2017-03-21 2017-04-27 View