The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of RHEL: denial of service of mcstrans

Summary of the vulnerability

A local attacker can create a denial of service in the mcstransd daemon.
Impacted systems: RHEL.
Severity of this alert: 1/4.
Creation date: 08/11/2007.
References for this alert: 288201, CVE-2007-4570, RHSA-2007:0542-05, VIGILANCE-VUL-7319.

Description of the vulnerability 

MCS (Multi-Category Security) extends SELinux so that a user can attach categories such as "Private", "Marketing" or "Top secret" to his files. For example:
  chcat +Marketing file

Each human-readable category is defined in /etc/selinux/targeted/setrans.conf, which maps it to an internal category name such as c1 or c2. The mcstransd daemon performs the translation between the internal names and the human-readable ones.

A local attacker can submit a category range whose lower bound is greater than its upper bound, for example "c10.c9". The daemon does not reject such a range: its counter starts at c10 and steps upwards, wraps from c4294967295 back to c0, and only stops when it reaches c9, so it walks the entire 32-bit category space and processes data at every step.

A local attacker can thus cause a denial of service lasting several hours.
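The loop behaviour described above, as an added illustration that is not the mcstrans source: a reconstruction of the bug class, with the unchecked range walk beside a hardened version that rejects a reversed range before looping. All function names, the range syntax "cA.cB" and the step budget are assumptions made for this demonstration.

```c
/*
 * Illustrative reconstruction of the bug class in this bulletin: a category
 * range "cLOW.cHIGH" expanded with an unsigned 32-bit counter and no check
 * that LOW <= HIGH.  This is NOT the mcstrans source; every name here is an
 * assumption made for the demonstration.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse "cA.cB" into two category numbers. Returns 0 on success, -1 on a
 * malformed string. It deliberately accepts A > B, as the vulnerable
 * parser must have. */
static int parse_range(const char *s, uint32_t *low, uint32_t *high)
{
    unsigned long a, b;
    char *end;
    if (s[0] != 'c') return -1;
    a = strtoul(s + 1, &end, 10);
    if (end == s + 1 || end[0] != '.' || end[1] != 'c') return -1;
    const char *start = end + 2;
    b = strtoul(start, &end, 10);
    if (end == start || *end != '\0') return -1;
    if (a > UINT32_MAX || b > UINT32_MAX) return -1;
    *low = (uint32_t)a;
    *high = (uint32_t)b;
    return 0;
}

/* Vulnerable pattern: visit every category from low to high, stepping the
 * counter until it equals high. For "c10.c9" the counter never reaches 9
 * before wrapping, so it walks c10, c11, ..., c4294967295, c0, ..., c9:
 * 2^32 categories. `budget` caps the walk so the demo finishes; returns
 * the number of categories visited, or -1 when the budget ran out. */
static int64_t walk_range_unchecked(uint32_t low, uint32_t high, uint64_t budget)
{
    uint64_t visited = 0;
    uint32_t c = low;
    for (;;) {
        if (visited == budget) return -1;   /* the real daemon keeps going */
        visited++;                          /* "translate" category c */
        if (c == high) break;
        c++;                                /* unsigned wrap is well defined */
    }
    return (int64_t)visited;
}

/* How many categories the unchecked walk would visit in total, computed
 * arithmetically instead of by looping: 2^32 for any reversed range. */
static uint64_t unchecked_total(uint32_t low, uint32_t high)
{
    return (uint64_t)(uint32_t)(high - low) + 1;
}

/* Hardened version: reject a reversed range up front, so the loop bound is
 * always reached without wrapping. Returns the category count or -1. */
static int64_t walk_range_checked(uint32_t low, uint32_t high)
{
    if (low > high) return -1;
    return (int64_t)(high - low) + 1;
}

/* Convenience wrapper: parse a range string and expand it with either the
 * vulnerable or the hardened logic. Returns the category count, -1 for a
 * rejected or runaway range, -2 for a malformed string. */
static int64_t expand_range(const char *s, int hardened)
{
    uint32_t low, high;
    if (parse_range(s, &low, &high) != 0) return -2;
    if (hardened) return walk_range_checked(low, high);
    return walk_range_unchecked(low, high, 1000000);   /* 1e6-step budget */
}

int main(void)
{
    /* constructed sample inputs: a normal range, the reversed range from the
     * bulletin, a large valid range and a malformed string */
    const char *inputs[] = { "c1.c4", "c10.c9", "c0.c1023", "c10c9" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-10s unchecked=%" PRId64 "  hardened=%" PRId64 "\n",
               inputs[i], expand_range(inputs[i], 0), expand_range(inputs[i], 1));
    }
    printf("total iterations for c10.c9 without the check: %" PRIu64 "\n",
           unchecked_total(10, 9));
    return 0;
}
```

The unchecked walk is capped at one million steps only so that the program terminates; the real daemon has no such cap, which is why a single reversed range keeps it busy for hours. The hardened variant shows the whole fix: the bound check must happen before the loop, because once the unsigned counter has wrapped there is no later point at which the loop can notice.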

This vulnerability announcement affects the RHEL system.

Our Vigil@nce team determined that the severity of this security alert is low.

Trust level: confirmed by the vendor. Attack origin: a user shell on the local system.

An attacker with expert skill can exploit this vulnerability.

Solutions for this threat 

RHEL 5: new mcstrans packages.
New packages are available (see RHSA-2007:0542):
Red Hat Enterprise Linux 5: mcstrans-0.2.6-1.el5
The installed version can be checked with: rpm -q mcstrans
