Ubuntu
linux package

unix domain socket bind causes kernel audit NULL pointer deference

Bug #1586997 reported by Roman Fiedler on 2016-05-30

262

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

As requested, re-report of https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1508737/ :

When syscall auditing for bind syscall is enabled, a socket bind with a relative path causes a NULL-pointer dereference.

Reproducer for Ubuntu Trusty LTS:

auditctl -a always,exit -F arch=b64 -S bind

#!/usr/bin/python2 -BEsSt
import socket
testSocket=socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
testSocket.bind('sock')

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-86-generic 3.13.0-86.131
ProcVersionSignature: Ubuntu 3.13.0-86.131-generic 3.13.11-ckt39
Uname: Linux 3.13.0-86-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
Date: Mon May 30 09:20:20 2016
PackageArchitecture: amd64
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.utf8
SHELL=/bin/sh
ProcKernelCmdLine: root=UUID=784cd3ad-c5b5-4979-b6dc-734b91ec0345 ro
RelatedPackageVersions:
linux-restricted-modules-3.13.0-86-generic N/A
linux-backports-modules-3.13.0-86-generic N/A
linux-firmware 1.127.22
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Roman Fiedler (roman-fiedler-deactivatedaccount) wrote on 2016-05-30:

CurrentDmesg.txt Edit (2.7 KiB, text/plain; charset="utf-8")
Dependencies.txt Edit (2.5 KiB, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (641 bytes, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (1007 bytes, text/plain; charset="utf-8")
ProcModules.txt Edit (1.7 KiB, text/plain; charset="utf-8")

Steve Beattie (sbeattie) on 2016-06-06

information type:

Private Security → Public Security

Revision history for this message

Brad Figg (brad-figg) wrote on 2016-06-06: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1586997

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete

Seth Arnold (seth-arnold) on 2016-06-06

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package