ALAS-2014-417 ---- kernel perf
ID: oval:org.secpod.oval:def:1600152 | Date: (C)2016-01-19 (M)2024-03-20 | Class: PATCH | Family: unix
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service on systems that had atime disabled via a "mount -o remount" command within a user namespace.

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace.
Platform: Amazon Linux AMI