CVE-2017-6507

CWE-269Improper Privilege Management6 documents6 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 43.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apparmor ApparmorCanonical Ubuntu CoreCanonical Ubuntu Touch
Timeline
PublishedMar 24
Latest updateMay 13

Description

An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own App

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

Debianapparmor< 2.11.0-3+3

Patches

Patch: bazaar.launchpad.netPatch: bazaar.launchpad.netPatch: bugs.launchpad.net

🔴Vulnerability Details

3
GHSA
GHSA-44p8-9hqx-3rqg: An issue was discovered in AppArmor before 22022-05-13
CVEList
CVE-2017-6507: An issue was discovered in AppArmor before 22017-03-24
OSV
CVE-2017-6507: An issue was discovered in AppArmor before 22017-03-24

📋Vendor Advisories

2
Ubuntu
AppArmor vulnerability2017-03-28
Debian
CVE-2017-6507: apparmor - An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown A...2017
CVE-2017-6507 (MEDIUM CVSS 5.9) | An issue was discovered in AppArmor | cvebase.io