Vulnerabilites related to linuxcontainers - lxc
Vulnerability from fkie_nvd
Published
2020-02-10 01:15
Modified
2024-11-21 03:20
Severity ?
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | 2.0.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:2.0.0:-:*:*:*:*:*:*", matchCriteriaId: "171010F6-2034-4373-B180-C5E75D533521", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.", }, { lang: "es", value: "En LXC versión 2.0, muchos scripts de plantilla descargan código por medio de texto sin cifrar HTTP, y omiten una comprobación de firma digital, antes de ejecutarse en los contenedores de arranque.", }, ], id: "CVE-2017-18641", lastModified: "2024-11-21T03:20:33.143", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-10T01:15:10.483", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:25
Severity ?
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "4D42FBB3-FE4C-462D-BF7C-84A64DC5ED25", versionEndIncluding: "1.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.", }, { lang: "es", value: "attach.c en LXC 1.1.2 y en versiones anteriores utiliza el sistema de archivos proc en un contenedor, lo que permite a usuarios del contenedor local escapar del confinamiento AppArmor o SELinux montando un sistema de archivos proc con un (1) perfil AppArmor o (2) una etiqueta SELinux manipulados.", }, ], id: "CVE-2015-1334", lastModified: "2024-11-21T02:25:11.530", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-08-12T14:59:05.590", references: [ { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html", }, { source: "security@ubuntu.com", url: "http://www.debian.org/security/2015/dsa-3317", }, { source: "security@ubuntu.com", url: "http://www.securityfocus.com/bid/75998", }, { source: "security@ubuntu.com", url: "http://www.ubuntu.com/usn/USN-2675-1", }, { source: "security@ubuntu.com", url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", }, { source: "security@ubuntu.com", url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/75998", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2675-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-17", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-01 06:59
Modified
2024-11-21 02:59
Severity ?
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * | |
linuxcontainers | lxc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "83629BC8-27B7-479D-A128-EFA5630BB184", versionEndExcluding: "1.0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "B65EC152-48AC-43E9-A1DF-E76C953508A5", versionEndExcluding: "2.0.6", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.", }, { lang: "es", value: "lxc-attach en LXC entre las versiones 1.0.9 y 2.x hasta la versión 2.0.6 permite que un atacante dentro de un contenedor sin privilegios, utilice un descriptor de archivo heredado de la carpeta /proc del host para acceder al resto del sistema de archivos del host a través de llamadas al sistema openat().", }, ], id: "CVE-2016-8649", lastModified: "2024-11-21T02:59:45.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-01T06:59:00.157", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94498", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-8649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94498", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-8649", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-02-14 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * | |
linuxcontainers | lxc | 0.1.0 | |
linuxcontainers | lxc | 0.2.0 | |
linuxcontainers | lxc | 0.2.1 | |
linuxcontainers | lxc | 0.3.0 | |
linuxcontainers | lxc | 0.4.0 | |
linuxcontainers | lxc | 0.5.0 | |
linuxcontainers | lxc | 0.5.1 | |
linuxcontainers | lxc | 0.5.2 | |
linuxcontainers | lxc | 0.6.0 | |
linuxcontainers | lxc | 0.6.1 | |
linuxcontainers | lxc | 0.6.2 | |
linuxcontainers | lxc | 0.6.3 | |
linuxcontainers | lxc | 0.6.4 | |
linuxcontainers | lxc | 0.6.5 | |
linuxcontainers | lxc | 0.7.0 | |
linuxcontainers | lxc | 0.7.1 | |
linuxcontainers | lxc | 0.7.2 | |
linuxcontainers | lxc | 0.7.3 | |
linuxcontainers | lxc | 0.7.4 | |
linuxcontainers | lxc | 0.7.4.1 | |
linuxcontainers | lxc | 0.7.4.2 | |
linuxcontainers | lxc | 0.7.5 | |
linuxcontainers | lxc | 0.8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "ADAA3CD5-2DF7-4FA5-8DE8-5C376D34988D", versionEndIncluding: "0.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.1.0:*:*:*:*:*:*:*", matchCriteriaId: "5DA7C45E-2A61-42D6-82D3-7F5ED2581770", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B089CD7B-9352-44DB-ACB3-6C5323FDE196", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.2.1:*:*:*:*:*:*:*", matchCriteriaId: "131DBF9F-7E49-46C7-B424-F8DFC9A30EA3", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E595E900-DB88-48D8-B6CB-21113FE3CC69", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "605B4EE9-57FA-4179-B430-7498148AC9C8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.5.0:*:*:*:*:*:*:*", matchCriteriaId: "228613D9-EFEB-43E2-BDBC-8D36A2993ED9", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.5.1:*:*:*:*:*:*:*", matchCriteriaId: "5C47C5D5-05B5-4503-A8A3-AB26C44566FC", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.5.2:*:*:*:*:*:*:*", matchCriteriaId: "77360E54-2092-4CA8-901D-EA9D70303BF5", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.0:*:*:*:*:*:*:*", matchCriteriaId: "EEC62987-7602-44F3-B623-A39BD02D9234", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "0D5F42E8-B943-4F63-B1F9-525E96B7D880", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.2:*:*:*:*:*:*:*", matchCriteriaId: "864B9E0E-1D85-4120-8B58-D4298F0AA9D2", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.3:*:*:*:*:*:*:*", matchCriteriaId: "291971FE-7096-43E7-882A-AD01D14B8C45", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.4:*:*:*:*:*:*:*", matchCriteriaId: "0164D9DA-0327-4644-B455-A92311C6AE5F", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.5:*:*:*:*:*:*:*", matchCriteriaId: "7DDEF7D0-A1E9-414B-A689-240C5DE683D1", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.0:*:*:*:*:*:*:*", matchCriteriaId: "29978BE7-7E5B-4FF5-B35E-F7F0FD9E15B8", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.1:*:*:*:*:*:*:*", matchCriteriaId: "23130573-5884-4DC3-9F12-336B9D6807B6", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.2:*:*:*:*:*:*:*", matchCriteriaId: "7D4D3880-C419-4741-ACBB-AC087A3A4BAC", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.3:*:*:*:*:*:*:*", matchCriteriaId: "389CE800-E958-4240-BDD6-56AB4A7A3859", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.4:*:*:*:*:*:*:*", matchCriteriaId: "A6090283-B39F-4D8C-9756-5248A344509B", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "E860AF3D-019C-4533-AF38-8251C34F6EC5", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "A7760469-C409-473F-BD0E-6D52460324F2", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.5:*:*:*:*:*:*:*", matchCriteriaId: "887CC2E2-8736-4B12-991C-0C7576ED00CE", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:0.8.0:*:*:*:*:*:*:*", matchCriteriaId: "B5840AA1-C17A-4FCE-9299-648D002247C0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.", }, { lang: "es", value: "La plantilla lxc-sshd (templates/lxc-sshd.in) en LXC anterior a 1.0.0.beta2 utiliza permisos de lectura-escritura cuando monta /sbin/init, lo que permite a usuarios locales ganar privilegios mediante la modificación del archivo init.", }, ], id: "CVE-2013-6441", lastModified: "2024-11-21T01:59:14.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-02-14T15:55:05.237", references: [ { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-2104-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045", }, { source: "secalert@redhat.com", url: "https://github.com/dotcloud/lxc/pull/1", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2104-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/dotcloud/lxc/pull/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-09 08:59
Modified
2024-11-21 02:43
Severity ?
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:rc1:*:*:*:*:*:*", matchCriteriaId: "174CEA20-CA6F-44BE-AC6F-301CE073C7EE", versionEndIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.", }, { lang: "es", value: "Se ha descubierto un problema en Linux Containers (LXC) en versiones anteriores a 22-02-2016. Cuando se ejecuta un programa a través de lxc-attach, la sesión no privada puede escapar a la sesión parental utilizando el ioctl TIOCSTI para presionar caracteres en el búfer de entrada del terminal, permitiendo a un atacante escapar del contenedor.", }, ], id: "CVE-2016-10124", lastModified: "2024-11-21T02:43:21.373", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-09T08:59:00.153", references: [ { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2014/12/15/5", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/09/03/5", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/95404", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201711-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2014/12/15/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/09/03/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/95404", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201711-09", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:25
Severity ?
Summary
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "4D42FBB3-FE4C-462D-BF7C-84A64DC5ED25", versionEndIncluding: "1.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.", }, { lang: "es", value: "Vulnerabilidad en lxclock.c en LXC 1.1.2 y versiones anteriores, permite a usuarios locales crear archivos arbitrarios a través de un ataque symlink en /run/lock/lxc/*.", }, ], id: "CVE-2015-1331", lastModified: "2024-11-21T02:25:11.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:N/I:C/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-08-12T14:59:03.823", references: [ { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { source: "security@ubuntu.com", url: "http://www.debian.org/security/2015/dsa-3317", }, { source: "security@ubuntu.com", url: "http://www.securityfocus.com/bid/75999", }, { source: "security@ubuntu.com", url: "http://www.ubuntu.com/usn/USN-2675-1", }, { source: "security@ubuntu.com", tags: [ "Exploit", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842", }, { source: "security@ubuntu.com", url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6", }, { source: "security@ubuntu.com", url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/75999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2675-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-01 06:15
Modified
2024-11-21 07:32
Severity ?
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "56BE1A46-7BA1-4936-A2D1-723150A220BA", versionEndIncluding: "5.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.", }, { lang: "es", value: "lxc-user-nic en lxc hasta 5.0.1 está instalado con setuid root y puede permitir a los usuarios locales inferir si existe algún archivo, incluso dentro de un árbol de directorios protegido, porque \"Error al abrir\" a menudo indica que un archivo no existe. mientras que \"no se refiere a una ruta de espacio de nombres de red\" a menudo indica que existe un archivo. NOTA: esto es diferente de CVE-2018-6556 porque el diseño de la corrección CVE-2018-6556 se basó en la premisa de que \"informaremos al usuario que open() falló pero el usuario no tiene forma de saber por qué\". fallido\"; sin embargo, en muchos casos realistas, no hay razones plausibles para fallar excepto que el archivo no existe.", }, ], id: "CVE-2022-47952", lastModified: "2024-11-21T07:32:37.827", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-01T06:15:09.860", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/MaherAzzouzi/CVE-2022-47952", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/MaherAzzouzi/CVE-2022-47952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-10-01 20:59
Modified
2024-11-21 02:25
Severity ?
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * | |
linuxcontainers | lxc | 1.1.0 | |
linuxcontainers | lxc | 1.1.1 | |
linuxcontainers | lxc | 1.1.2 | |
linuxcontainers | lxc | 1.1.3 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "DB7C740C-6A6C-4282-A3E2-A0235E0B0CD0", versionEndIncluding: "1.0.7", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "CC5A5655-2884-40DA-9727-63F3DD0CE414", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "9C9ECBC3-1412-4965-86B0-AE8406CE9575", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.2:*:*:*:*:*:*:*", matchCriteriaId: "42727902-18EA-4A84-A794-837F7A26690C", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.3:*:*:*:*:*:*:*", matchCriteriaId: "B7E279D4-3B92-4548-AA15-A7CD8348D877", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.", }, { lang: "es", value: "lxc-start en lxc en versiones anteriores a 1.0.8 y 1.1x en versiones anteriores a 1.1.4, permite a los administradores locales del contenedor escapar del confinamiento AppArmor a través de un ataque de enlace simbólico en un (1) montaje destino o (2) enlace a la fuente de montaje.", }, ], id: "CVE-2015-1335", lastModified: "2024-11-21T02:25:11.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-10-01T20:59:00.100", references: [ { source: "security@ubuntu.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html", }, { source: "security@ubuntu.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html", }, { source: "security@ubuntu.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html", }, { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html", }, { source: "security@ubuntu.com", url: "http://www.debian.org/security/2015/dsa-3400", }, { source: "security@ubuntu.com", url: "http://www.openwall.com/lists/oss-security/2015/09/29/4", }, { source: "security@ubuntu.com", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "security@ubuntu.com", url: "http://www.securityfocus.com/bid/76894", }, { source: "security@ubuntu.com", url: "http://www.ubuntu.com/usn/USN-2753-1", }, { source: "security@ubuntu.com", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662", }, { source: "security@ubuntu.com", url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be", }, { source: "security@ubuntu.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3400", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/09/29/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/76894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2753-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-14 17:59
Modified
2024-11-21 03:28
Severity ?
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
linuxcontainers | lxc | * | |
linuxcontainers | lxc | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "CD42973B-545C-4D49-8DDA-CB3A9D6C68F5", versionEndIncluding: "1.0.9", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "A326DD9B-29E6-4253-8270-B9D85FF0E8AF", versionEndIncluding: "2.0.6", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.", }, { lang: "es", value: "lxc-user-nic en Linux Containers (LXC) permite a usuarios locales con una asignación lxc-usernet crear interfaces de red en el host y elegir el nombre de esas interfaces aprovechando la falta de verificación de propiedad de netns.", }, ], id: "CVE-2017-5985", lastModified: "2024-11-21T03:28:50.057", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-14T17:59:00.183", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/03/09/4", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96777", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3224-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2017/03/09/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96777", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-3224-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-11 19:29
Modified
2024-11-21 04:45
Severity ?
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", matchCriteriaId: "A367C4FA-18DF-402F-B120-254B35F73BD1", versionEndExcluding: "18.09.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", matchCriteriaId: "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5", versionEndIncluding: "0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "949172CC-EBB5-47F6-B987-207C802EED0F", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*", matchCriteriaId: "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*", matchCriteriaId: "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*", matchCriteriaId: "093326B1-448C-4E3B-886D-CAC8B6813BFF", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*", matchCriteriaId: "F672C421-789D-4F21-B483-DA3EB251BA1D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*", matchCriteriaId: "48FAFDE5-1E73-4874-8F2E-3C74B1955096", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*", matchCriteriaId: "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E9955945-7509-4542-BF83-B7BA0B4D8D05", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", matchCriteriaId: "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", matchCriteriaId: "55349BC5-90EC-4954-8CEB-3C37D34742C4", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*", matchCriteriaId: "3C2EB454-D0C9-47FC-B727-1D61A8811967", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "1AF77BB2-6F7A-408A-9F54-60F1F53B3709", versionEndExcluding: "3.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*", matchCriteriaId: "41FF9E5A-7BD1-477E-9875-8525FD87B13F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "CA0695E0-954A-4533-9D93-58257E9EA6D5", versionEndExcluding: "1.4.3", versionStartIncluding: "1.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "B51B8DF0-FCE4-42A7-A582-0476226C6188", versionEndExcluding: "1.5.3", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "01878119-E05A-469B-B49D-5D19082CED28", versionEndExcluding: "1.6.2", versionStartIncluding: "1.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", matchCriteriaId: "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C", versionEndExcluding: "1.7.2", versionStartIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", matchCriteriaId: "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", vulnerable: true, }, { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*", matchCriteriaId: "632B24FA-F2D6-42B0-87C7-7F142E15EFC7", versionEndExcluding: "2.2.0-1.13.3", vulnerable: true, }, { criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", matchCriteriaId: "0AD20FA7-737F-47C0-B2AC-735438253AA9", versionEndExcluding: "1.10.10", vulnerable: true, }, { criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", matchCriteriaId: "5E5AE03E-3AC4-4439-9D0D-45E097B2552C", versionEndExcluding: "1.11.9", versionStartIncluding: "1.10.11", vulnerable: true, }, { criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", matchCriteriaId: "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5", versionEndExcluding: "1.12.1", versionStartIncluding: "1.11.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*", matchCriteriaId: "2DCFB2E7-D769-4365-9B99-952907563749", vulnerable: true, }, { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*", matchCriteriaId: "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0", vulnerable: true, }, { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*", matchCriteriaId: "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0", vulnerable: true, }, { criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*", matchCriteriaId: "82C0FD9D-6117-40DE-9386-7327867F9615", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.", }, { lang: "es", value: "runc, hasta la versión 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, así, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gestión incorrecta del descriptor de archivos; esto está relacionado con /proc/self/exe.", }, ], id: "CVE-2019-5736", lastModified: "2024-11-21T04:45:24.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-11T19:29:00.297", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106976", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mitigation", "Third Party Advisory", ], url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/q3k/cve-2019-5736-poc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/rancher/runc-cve", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-21", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4048-1/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46359/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46369/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "Vendor Advisory", ], url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Third Party Advisory", ], url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/q3k/cve-2019-5736-poc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/rancher/runc-cve", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4048-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46359/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46369/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-10 15:29
Modified
2024-11-21 04:10
Severity ?
Summary
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 18.04 | |
linuxcontainers | lxc | * | |
linuxcontainers | lxc | * | |
suse | caas_platform | 1.0 | |
suse | caas_platform | 2.0 | |
suse | openstack_cloud | 6 | |
suse | suse_linux_enterprise_server | 11 | |
suse | suse_linux_enterprise_server | 11 | |
opensuse | leap | 15.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "6930BFF7-B9DE-4C00-9417-01142E02D009", versionEndIncluding: "2.0.9", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", matchCriteriaId: "5618B173-83E7-4BFC-8AE8-22D6CDA7EB3A", versionEndExcluding: "3.0.2", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:suse:caas_platform:1.0:*:*:*:*:*:*:*", matchCriteriaId: "44BF9D66-26B1-4BEA-BFA1-9115D06F0C06", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:caas_platform:2.0:*:*:*:*:*:*:*", matchCriteriaId: "85D9542F-8D5A-430B-9804-B8170E067CCE", vulnerable: true, }, { criteria: "cpe:2.3:a:suse:openstack_cloud:6:*:*:*:*:*:*:*", matchCriteriaId: "53945BEC-81F5-44F8-8035-7A4E5E2DA5B3", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:ltss:*:*:*", matchCriteriaId: "657C3582-75D1-4724-921C-FD4325D6D1D0", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*", matchCriteriaId: "41E76620-EC14-4D2B-828F-53F26DEA5DDC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.", }, { lang: "es", value: "Cuando se solicita a lxc-user-nic que elimine una interfaz de red, abrirá de forma incondicional una ruta proporcionada por el usuario. Esta ruta de código podría ser empleada por un usuario sin privilegios para comprobar la existencia de una ruta que no hubiese podido alcanzar de otra forma. También podría emplearse para desencadenar efectos secundarios provocando la apertura (solo lectura) de archivos especiales del kernel (ptmx, proc, sys). Los productos afectados son LXC: desde la versión 2.0 hasta después de la la 2.0.9 (incluida) y desde la versión 3.0 hasta después de la 3.0.0, anterior a la 3.0.2.", }, ], id: "CVE-2018-6556", lastModified: "2024-11-21T04:10:53.970", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-10T15:29:01.297", references: [ { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html", }, { source: "security@ubuntu.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { source: "security@ubuntu.com", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "security@ubuntu.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591", }, { source: "security@ubuntu.com", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=988348", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201808-02", }, { source: "security@ubuntu.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/usn/usn-3730-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=988348", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201808-02", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/usn/usn-3730-1", }, ], sourceIdentifier: "security@ubuntu.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-417", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2015-1335
Vulnerability from cvelistv5
Published
2015-10-01 20:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:40:18.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2015-9f8f4b182a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html", }, { name: "[lxc-devel] 20150929 LXC security issue - affects all supported releases", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html", }, { name: "DSA-3400", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3400", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "76894", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/76894", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be", }, { name: "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/09/29/4", }, { name: "USN-2753-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2753-1", }, { name: "FEDORA-2015-211974138f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html", }, { name: "FEDORA-2015-ebfe46536f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html", }, { name: "openSUSE-SU-2015:1717", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-29T00:00:00", descriptions: [ { lang: "en", value: "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-31T20:06:03", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "FEDORA-2015-9f8f4b182a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html", }, { name: "[lxc-devel] 20150929 LXC security issue - affects all supported releases", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html", }, { name: "DSA-3400", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3400", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "76894", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/76894", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be", }, { name: "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/09/29/4", }, { name: "USN-2753-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2753-1", }, { name: "FEDORA-2015-211974138f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html", }, { name: "FEDORA-2015-ebfe46536f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html", }, { name: "openSUSE-SU-2015:1717", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", ID: "CVE-2015-1335", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2015-9f8f4b182a", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html", }, { name: "[lxc-devel] 20150929 LXC security issue - affects all supported releases", refsource: "MLIST", url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html", }, { name: "DSA-3400", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3400", }, { name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "76894", refsource: "BID", url: "http://www.securityfocus.com/bid/76894", }, { name: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be", refsource: "CONFIRM", url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be", }, { name: "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/09/29/4", }, { name: "USN-2753-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2753-1", }, { name: "FEDORA-2015-211974138f", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html", }, { name: "FEDORA-2015-ebfe46536f", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html", }, { name: "openSUSE-SU-2015:1717", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html", }, { name: "openSUSE-SU-2019:1481", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2015-1335", datePublished: "2015-10-01T20:00:00", dateReserved: "2015-01-22T00:00:00", dateUpdated: "2024-08-06T04:40:18.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-8649
Vulnerability from cvelistv5
Published
2017-05-01 06:08
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1398242 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345 | x_refsource_CONFIRM | |
https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c | x_refsource_CONFIRM | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465 | x_refsource_CONFIRM | |
https://security-tracker.debian.org/tracker/CVE-2016-8649 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94498 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | LXC before 1.0.9 and 2.x before 2.0.6 |
Version: LXC before 1.0.9 and 2.x before 2.0.6 |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:27:41.373Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-8649", }, { name: "94498", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94498", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LXC before 1.0.9 and 2.x before 2.0.6", vendor: "n/a", versions: [ { status: "affected", version: "LXC before 1.0.9 and 2.x before 2.0.6", }, ], }, ], datePublic: "2017-05-01T00:00:00", descriptions: [ { lang: "en", value: "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.", }, ], problemTypes: [ { descriptions: [ { description: "container bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-01T06:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security-tracker.debian.org/tracker/CVE-2016-8649", }, { name: "94498", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94498", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2016-8649", datePublished: "2017-05-01T06:08:00", dateReserved: "2016-10-12T00:00:00", dateUpdated: "2024-08-06T02:27:41.373Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-5736
Vulnerability from cvelistv5
Published
2019-02-11 00:00
Modified
2024-08-04 20:01
Severity ?
EPSS score ?
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:01:52.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { name: "RHSA-2019:0408", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { tags: [ "x_transferred", ], url: "https://github.com/rancher/runc-cve", }, { name: "RHSA-2019:0401", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { tags: [ "x_transferred", ], url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { tags: [ "x_transferred", ], url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { name: "RHSA-2019:0303", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { tags: [ "x_transferred", ], url: "https://github.com/q3k/cve-2019-5736-poc", }, { name: "46359", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46359/", }, { tags: [ "x_transferred", ], url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { tags: [ "x_transferred", ], url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { tags: [ "x_transferred", ], url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { name: "46369", tags: [ "exploit", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46369/", }, { name: "RHSA-2019:0304", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { tags: [ "x_transferred", ], url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { tags: [ "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { tags: [ "x_transferred", ], url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { tags: [ "x_transferred", ], url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, { tags: [ "x_transferred", ], url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { name: "106976", tags: [ "vdb-entry", "x_transferred", ], url: "http://www.securityfocus.com/bid/106976", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { tags: [ "x_transferred", ], url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { tags: [ "x_transferred", ], url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { name: "openSUSE-SU-2019:1079", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { name: "openSUSE-SU-2019:1227", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1275", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "FEDORA-2019-bc70b381ad", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { name: "FEDORA-2019-6174b47003", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { tags: [ "x_transferred", ], url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { name: "RHSA-2019:0975", tags: [ "vendor-advisory", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { tags: [ "x_transferred", ], url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { tags: [ "x_transferred", ], url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:1444", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { name: "openSUSE-SU-2019:1499", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { name: "openSUSE-SU-2019:1506", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "USN-4048-1", tags: [ "vendor-advisory", "x_transferred", ], url: "https://usn.ubuntu.com/4048-1/", }, { name: "openSUSE-SU-2019:2021", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { name: "FEDORA-2019-2baa1f7b19", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { name: "FEDORA-2019-c1dac1b3b8", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:2245", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { name: "openSUSE-SU-2019:2286", tags: [ "vendor-advisory", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { name: "GLSA-202003-21", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-21", }, { name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-11T00:00:00", descriptions: [ { lang: "en", value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-02T12:06:25.591627", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", }, { name: "RHSA-2019:0408", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0408", }, { url: "https://github.com/rancher/runc-cve", }, { name: "RHSA-2019:0401", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0401", }, { url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2", }, { url: "https://www.synology.com/security/advisory/Synology_SA_19_06", }, { url: "https://security.netapp.com/advisory/ntap-20190307-0008/", }, { name: "RHSA-2019:0303", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0303", }, { tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc", }, { url: "https://github.com/q3k/cve-2019-5736-poc", }, { name: "46359", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/46359/", }, { url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", }, { url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", }, { url: "https://www.openwall.com/lists/oss-security/2019/02/11/2", }, { url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", }, { url: "https://access.redhat.com/security/cve/cve-2019-5736", }, { name: "46369", tags: [ "exploit", ], url: "https://www.exploit-db.com/exploits/46369/", }, { name: "RHSA-2019:0304", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0304", }, { url: "https://github.com/Frichetten/CVE-2019-5736-PoC", }, { url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", }, { url: "https://brauner.github.io/2019/02/12/privileged-containers.html", }, { url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", }, { url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", }, { name: "106976", tags: [ "vdb-entry", ], url: "http://www.securityfocus.com/bid/106976", }, { url: "https://access.redhat.com/security/vulnerabilities/runcescape", }, { url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967", }, { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E", }, { name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/03/23/1", }, { url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", }, { name: "openSUSE-SU-2019:1079", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html", }, { name: "openSUSE-SU-2019:1227", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1275", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "FEDORA-2019-bc70b381ad", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/", }, { name: "FEDORA-2019-6174b47003", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/", }, { url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", }, { name: "RHSA-2019:0975", tags: [ "vendor-advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:0975", }, { url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", }, { url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", }, { name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E", }, { name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:1444", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, { name: "openSUSE-SU-2019:1499", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html", }, { name: "openSUSE-SU-2019:1506", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html", }, { name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/06/28/2", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/3", }, { name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/07/06/4", }, { name: "USN-4048-1", tags: [ "vendor-advisory", ], url: "https://usn.ubuntu.com/4048-1/", }, { name: "openSUSE-SU-2019:2021", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html", }, { name: "FEDORA-2019-2baa1f7b19", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/", }, { name: "FEDORA-2019-c1dac1b3b8", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/", }, { name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E", }, { name: "openSUSE-SU-2019:2245", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html", }, { name: "openSUSE-SU-2019:2286", tags: [ "vendor-advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html", }, { name: "[oss-security] 20191023 Membership application for linux-distros - VMware", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/10/24/1", }, { name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2019/10/29/3", }, { name: "GLSA-202003-21", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202003-21", }, { name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E", }, { name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", tags: [ "mailing-list", ], url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", }, { url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", }, { url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", }, { name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/01/31/6", }, { name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/02/01/1", }, { name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2024/02/02/3", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-5736", datePublished: "2019-02-11T00:00:00", dateReserved: "2019-01-08T00:00:00", dateUpdated: "2024-08-04T20:01:52.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-6441
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
References
▼ | URL | Tags |
---|---|---|
http://www.ubuntu.com/usn/USN-2104-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045 | x_refsource_CONFIRM | |
https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2 | x_refsource_CONFIRM | |
https://github.com/dotcloud/lxc/pull/1 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:39:01.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2104-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2104-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/dotcloud/lxc/pull/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-02-12T00:00:00", descriptions: [ { lang: "en", value: "The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-02-14T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2104-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2104-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/dotcloud/lxc/pull/1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-6441", datePublished: "2014-02-14T15:00:00", dateReserved: "2013-11-04T00:00:00", dateUpdated: "2024-08-06T17:39:01.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-5985
Vulnerability from cvelistv5
Published
2017-03-14 17:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
References
▼ | URL | Tags |
---|---|---|
https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html | mailing-list, x_refsource_MLIST | |
https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/96777 | vdb-entry, x_refsource_BID | |
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-3224-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.openwall.com/lists/oss-security/2017/03/09/4 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:18:49.414Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9", }, { name: "96777", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96777", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676", }, { name: "USN-3224-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-3224-1", }, { name: "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2017/03/09/4", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-09T00:00:00", descriptions: [ { lang: "en", value: "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-31T20:06:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9", }, { name: "96777", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96777", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676", }, { name: "USN-3224-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-3224-1", }, { name: "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2017/03/09/4", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-5985", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)", refsource: "MLIST", url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html", }, { name: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9", refsource: "CONFIRM", url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9", }, { name: "96777", refsource: "BID", url: "http://www.securityfocus.com/bid/96777", }, { name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676", }, { name: "USN-3224-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-3224-1", }, { name: "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2017/03/09/4", }, { name: "openSUSE-SU-2019:1481", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-5985", datePublished: "2017-03-14T17:00:00", dateReserved: "2017-02-13T00:00:00", dateUpdated: "2024-08-05T15:18:49.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47952
Vulnerability from cvelistv5
Published
2023-01-01 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274", }, { tags: [ "x_transferred", ], url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104", }, { tags: [ "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45", }, { tags: [ "x_transferred", ], url: "https://github.com/MaherAzzouzi/CVE-2022-47952", }, { name: "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-21T22:06:16.179646", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274", }, { url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104", }, { url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45", }, { url: "https://github.com/MaherAzzouzi/CVE-2022-47952", }, { name: "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-47952", datePublished: "2023-01-01T00:00:00", dateReserved: "2022-12-24T00:00:00", dateUpdated: "2024-08-03T15:02:36.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1331
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2015/dsa-3317 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/75999 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-2675-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html | vendor-advisory, x_refsource_SUSE | |
https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html | x_refsource_MISC | |
https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:40:18.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3317", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3317", }, { name: "75999", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75999", }, { name: "USN-2675-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2675-1", }, { name: "openSUSE-SU-2015:1315", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-22T00:00:00", descriptions: [ { lang: "en", value: "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-31T20:06:03", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "DSA-3317", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3317", }, { name: "75999", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75999", }, { name: "USN-2675-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2675-1", }, { name: "openSUSE-SU-2015:1315", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { tags: [ "x_refsource_MISC", ], url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", ID: "CVE-2015-1331", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3317", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3317", }, { name: "75999", refsource: "BID", url: "http://www.securityfocus.com/bid/75999", }, { name: "USN-2675-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2675-1", }, { name: "openSUSE-SU-2015:1315", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { name: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", refsource: "MISC", url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { name: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6", refsource: "CONFIRM", url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6", }, { name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842", }, { name: "openSUSE-SU-2019:1481", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2015-1331", datePublished: "2015-08-12T14:00:00", dateReserved: "2015-01-22T00:00:00", dateUpdated: "2024-08-06T04:40:18.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-18641
Vulnerability from cvelistv5
Published
2020-02-10 00:30
Modified
2024-08-05 21:28
Severity ?
EPSS score ?
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
References
▼ | URL | Tags |
---|---|---|
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:28:55.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-10T00:30:50", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-18641", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447", refsource: "MISC", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-18641", datePublished: "2020-02-10T00:30:50", dateReserved: "2020-02-10T00:00:00", dateUpdated: "2024-08-05T21:28:55.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-6556
Vulnerability from cvelistv5
Published
2018-08-10 15:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/usn/usn-3730-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201808-02 | vendor-advisory, x_refsource_GENTOO | |
https://bugzilla.suse.com/show_bug.cgi?id=988348 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:10:10.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3730-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/usn/usn-3730-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591", }, { name: "GLSA-201808-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201808-02", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=988348", }, { name: "openSUSE-SU-2019:1227", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1230", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html", }, { name: "openSUSE-SU-2019:1275", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "LXC", vendor: "n/a", versions: [ { lessThan: "2.0*", status: "affected", version: "2.0.9", versionType: "custom", }, { changes: [ { at: "3.0.2", status: "unaffected", }, ], lessThan: "3.0*", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Matthias Gerstner from SUSE", }, ], datePublic: "2018-08-06T00:00:00", descriptions: [ { lang: "en", value: "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.", }, ], problemTypes: [ { descriptions: [ { description: "Incorrect access control", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-31T20:06:03", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "USN-3730-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/usn/usn-3730-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591", }, { name: "GLSA-201808-02", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201808-02", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=988348", }, { name: "openSUSE-SU-2019:1227", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1230", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html", }, { name: "openSUSE-SU-2019:1275", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], source: { advisory: "USN-3730-1", defect: [ "1783591", ], discovery: "EXTERNAL", }, title: "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", DATE_PUBLIC: "2018-08-06T16:00:00.000Z", ID: "CVE-2018-6556", STATE: "PUBLIC", TITLE: "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "LXC", version: { version_data: [ { affected: ">=", version_affected: ">=", version_name: "2.0", version_value: "2.0.9", }, { affected: ">=", version_affected: ">=", version_name: "3.0", version_value: "3.0.0", }, { affected: "<", version_affected: "<", version_name: "3.0", version_value: "3.0.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, credit: [ { lang: "eng", value: "Matthias Gerstner from SUSE", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Incorrect access control", }, ], }, ], }, references: { reference_data: [ { name: "USN-3730-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/usn/usn-3730-1", }, { name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591", refsource: "CONFIRM", url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591", }, { name: "GLSA-201808-02", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201808-02", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=988348", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=988348", }, { name: "openSUSE-SU-2019:1227", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html", }, { name: "openSUSE-SU-2019:1230", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html", }, { name: "openSUSE-SU-2019:1275", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html", }, { name: "openSUSE-SU-2019:1481", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], }, source: { advisory: "USN-3730-1", defect: [ "1783591", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2018-6556", datePublished: "2018-08-10T15:00:00Z", dateReserved: "2018-02-02T00:00:00", dateUpdated: "2024-09-17T03:38:26.856Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-1334
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
References
▼ | URL | Tags |
---|---|---|
http://www.debian.org/security/2015/dsa-3317 | vendor-advisory, x_refsource_DEBIAN | |
http://www.ubuntu.com/usn/USN-2675-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html | vendor-advisory, x_refsource_SUSE | |
http://www.securityfocus.com/bid/75998 | vdb-entry, x_refsource_BID | |
https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html | x_refsource_MISC | |
https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:40:18.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3317", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3317", }, { name: "USN-2675-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2675-1", }, { name: "openSUSE-SU-2015:1315", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { name: "75998", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75998", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", }, { name: "openSUSE-SU-2015:1317", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-16T00:00:00", descriptions: [ { lang: "en", value: "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-31T20:06:03", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { name: "DSA-3317", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3317", }, { name: "USN-2675-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2675-1", }, { name: "openSUSE-SU-2015:1315", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { name: "75998", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75998", }, { tags: [ "x_refsource_MISC", ], url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", }, { name: "openSUSE-SU-2015:1317", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html", }, { name: "openSUSE-SU-2019:1481", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@ubuntu.com", ID: "CVE-2015-1334", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3317", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3317", }, { name: "USN-2675-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2675-1", }, { name: "openSUSE-SU-2015:1315", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html", }, { name: "75998", refsource: "BID", url: "http://www.securityfocus.com/bid/75998", }, { name: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", refsource: "MISC", url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html", }, { name: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", refsource: "CONFIRM", url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e", }, { name: "openSUSE-SU-2015:1317", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html", }, { name: "openSUSE-SU-2019:1481", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2015-1334", datePublished: "2015-08-12T14:00:00", dateReserved: "2015-01-22T00:00:00", dateUpdated: "2024-08-06T04:40:18.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10124
Vulnerability from cvelistv5
Published
2017-01-09 08:48
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC | |
http://www.securityfocus.com/bid/95404 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2015/09/03/5 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201711-09 | vendor-advisory, x_refsource_GENTOO | |
https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:14:42.026Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/12/15/5", }, { name: "95404", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95404", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/09/03/5", }, { name: "GLSA-201711-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201711-09", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-09T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-12T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2014/12/15/5", }, { name: "95404", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95404", }, { tags: [ "x_refsource_MISC", ], url: "http://www.openwall.com/lists/oss-security/2015/09/03/5", }, { name: "GLSA-201711-09", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201711-09", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10124", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.openwall.com/lists/oss-security/2014/12/15/5", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2014/12/15/5", }, { name: "95404", refsource: "BID", url: "http://www.securityfocus.com/bid/95404", }, { name: "http://www.openwall.com/lists/oss-security/2015/09/03/5", refsource: "MISC", url: "http://www.openwall.com/lists/oss-security/2015/09/03/5", }, { name: "GLSA-201711-09", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201711-09", }, { name: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6", refsource: "CONFIRM", url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10124", datePublished: "2017-01-09T08:48:00", dateReserved: "2017-01-09T00:00:00", dateUpdated: "2024-08-06T03:14:42.026Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }