Search criteria
35 vulnerabilities found for lxc by linuxcontainers
CVE-2026-39402 (GCVE-0-2026-39402)
Vulnerability from nvd – Published: 2026-05-05 20:45 – Updated: 2026-05-06 14:57
VLAI
Title
lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion
Summary
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a deletion request, the interface name comparison can set the authorization flag based on a name match alone, even when the ownership, type, and link fields in that database entry belong to a different user. The vulnerable check sits after the goto next label handling, meaning it is reachable on lines where earlier ownership checks failed or were skipped. Because nothing downstream of this authorization signal re-verifies that the matched database line actually belongs to the caller, an unprivileged attacker with a valid lxc-usernet policy entry can trigger deletion of another user's OVS port on the same bridge.
This is limited to multi-tenant environments using lxc-user-nic with OpenVSwitch bridges. The impact is denial of service - one tenant can repeatedly disconnect networking from containers run by another tenant on shared infrastructure. This is patched in version 7.0.0.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/lxc/lxc/security/advisories/GH… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39402",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:57:00.498118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:57:40.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lxc",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a deletion request, the interface name comparison can set the authorization flag based on a name match alone, even when the ownership, type, and link fields in that database entry belong to a different user. The vulnerable check sits after the goto next label handling, meaning it is reachable on lines where earlier ownership checks failed or were skipped. Because nothing downstream of this authorization signal re-verifies that the matched database line actually belongs to the caller, an unprivileged attacker with a valid lxc-usernet policy entry can trigger deletion of another user\u0027s OVS port on the same bridge. \n\nThis is limited to multi-tenant environments using lxc-user-nic with OpenVSwitch bridges. The impact is denial of service - one tenant can repeatedly disconnect networking from containers run by another tenant on shared infrastructure. This is patched in version 7.0.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T20:45:24.107Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq"
}
],
"source": {
"advisory": "GHSA-3m9j-g9gc-vcvq",
"discovery": "UNKNOWN"
},
"title": "lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39402",
"datePublished": "2026-05-05T20:45:24.107Z",
"dateReserved": "2026-04-06T22:06:40.517Z",
"dateUpdated": "2026-05-06T14:57:40.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-47952 (GCVE-0-2022-47952)
Vulnerability from nvd – Published: 2023-01-01 00:00 – Updated: 2025-04-10 19:16
VLAI
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
Severity
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"name": "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T19:15:58.513634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T19:16:28.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T22:06:16.179Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"name": "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47952",
"datePublished": "2023-01-01T00:00:00.000Z",
"dateReserved": "2022-12-24T00:00:00.000Z",
"dateUpdated": "2025-04-10T19:16:28.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18641 (GCVE-0-2017-18641)
Vulnerability from nvd – Published: 2020-02-10 00:30 – Updated: 2024-08-05 21:28
VLAI
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:28:55.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T00:30:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18641",
"datePublished": "2020-02-10T00:30:50.000Z",
"dateReserved": "2020-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:28:55.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5736 (GCVE-0-2019-5736)
Vulnerability from nvd – Published: 2019-02-11 00:00 – Updated: 2024-08-04 20:01
VLAI
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
66 references
Date Public
2019-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"name": "RHSA-2019:0408",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rancher/runc-cve"
},
{
"name": "RHSA-2019:0401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"name": "RHSA-2019:0303",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"name": "46359",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"name": "46369",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"name": "RHSA-2019:0304",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"name": "106976",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "FEDORA-2019-bc70b381ad",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"name": "FEDORA-2019-6174b47003",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"tags": [
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"name": "RHSA-2019:0975",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"tags": [
"x_transferred"
],
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "FEDORA-2019-2baa1f7b19",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"name": "FEDORA-2019-c1dac1b3b8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2245",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"name": "openSUSE-SU-2019:2286",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "GLSA-202003-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T12:06:25.591Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"name": "RHSA-2019:0408",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"url": "https://github.com/rancher/runc-cve"
},
{
"name": "RHSA-2019:0401",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"name": "RHSA-2019:0303",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"name": "46359",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"name": "46369",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"name": "RHSA-2019:0304",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"name": "106976",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "FEDORA-2019-bc70b381ad",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"name": "FEDORA-2019-6174b47003",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"name": "RHSA-2019:0975",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "FEDORA-2019-2baa1f7b19",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"name": "FEDORA-2019-c1dac1b3b8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2245",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"name": "openSUSE-SU-2019:2286",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "GLSA-202003-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5736",
"datePublished": "2019-02-11T00:00:00.000Z",
"dateReserved": "2019-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:52.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6556 (GCVE-0-2018-6556)
Vulnerability from nvd – Published: 2018-08-10 15:00 – Updated: 2024-09-17 03:38
VLAI
Title
The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
Summary
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
Severity
No CVSS data available.
CWE
- Incorrect access control
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/usn/usn-3730-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201808-02 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=988348 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
Date Public
2018-08-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3730-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"name": "GLSA-201808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXC",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.0*",
"status": "affected",
"version": "2.0.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "3.0.2",
"status": "unaffected"
}
],
"lessThan": "3.0*",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner from SUSE"
}
],
"datePublic": "2018-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-3730-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"name": "GLSA-201808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"source": {
"advisory": "USN-3730-1",
"defect": [
"1783591"
],
"discovery": "EXTERNAL"
},
"title": "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-08-06T16:00:00.000Z",
"ID": "CVE-2018-6556",
"STATE": "PUBLIC",
"TITLE": "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXC",
"version": {
"version_data": [
{
"affected": "\u003e=",
"version_affected": "\u003e=",
"version_name": "2.0",
"version_value": "2.0.9"
},
{
"affected": "\u003e=",
"version_affected": "\u003e=",
"version_name": "3.0",
"version_value": "3.0.0"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner from SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3730-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"name": "GLSA-201808-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=988348",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"name": "openSUSE-SU-2019:1227",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"name": "openSUSE-SU-2019:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
},
"source": {
"advisory": "USN-3730-1",
"defect": [
"1783591"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-6556",
"datePublished": "2018-08-10T15:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:26.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8649 (GCVE-0-2016-8649)
Vulnerability from nvd – Published: 2017-05-01 06:08 – Updated: 2024-08-06 02:27
VLAI
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
Severity
No CVSS data available.
CWE
- container bypass
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1398242 | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| https://github.com/lxc/lxc/commit/81f466d05f2a89c… | x_refsource_CONFIRM |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94498 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | LXC before 1.0.9 and 2.x before 2.0.6 |
Affected:
LXC before 1.0.9 and 2.x before 2.0.6
|
Date Public
2017-05-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
},
{
"name": "94498",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXC before 1.0.9 and 2.x before 2.0.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LXC before 1.0.9 and 2.x before 2.0.6"
}
]
}
],
"datePublic": "2017-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host\u0027s /proc, to access the rest of the host\u0027s filesystem via the openat() family of syscalls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "container bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T06:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
},
{
"name": "94498",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94498"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8649",
"datePublished": "2017-05-01T06:08:00.000Z",
"dateReserved": "2016-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5985 (GCVE-0-2017-5985)
Vulnerability from nvd – Published: 2017-03-14 17:00 – Updated: 2024-08-05 15:18
VLAI
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://lists.linuxcontainers.org/pipermail/lxc-d… | mailing-listx_refsource_MLIST |
| https://github.com/lxc/lxc/commit/16af238036a5464… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96777 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-3224-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2017/03/09/4 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"name": "96777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"name": "USN-3224-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn\u0027t verify network namespace ownership",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"name": "96777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"name": "USN-3224-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn\u0027t verify network namespace ownership",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
"refsource": "MLIST",
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"name": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"name": "96777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96777"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"name": "USN-3224-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn\u0027t verify network namespace ownership",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5985",
"datePublished": "2017-03-14T17:00:00.000Z",
"dateReserved": "2017-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10124 (GCVE-0-2016-10124)
Vulnerability from nvd – Published: 2017-01-09 08:48 – Updated: 2024-08-06 03:14
VLAI
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC |
| http://www.securityfocus.com/bid/95404 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/09/03/5 | x_refsource_MISC |
| https://security.gentoo.org/glsa/201711-09 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/lxc/lxc/commit/e986ea3dfa4a295… | x_refsource_CONFIRM |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"name": "95404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95404"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"name": "GLSA-201711-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal\u0027s input buffer, allowing an attacker to escape the container."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-12T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"name": "95404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95404"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"name": "GLSA-201711-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal\u0027s input buffer, allowing an attacker to escape the container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2014/12/15/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"name": "95404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95404"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/09/03/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"name": "GLSA-201711-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"name": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10124",
"datePublished": "2017-01-09T08:48:00.000Z",
"dateReserved": "2017-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1335 (GCVE-0-2015-1335)
Vulnerability from nvd – Published: 2015-10-01 20:00 – Updated: 2024-08-06 04:40
VLAI
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2015-09-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-9f8f4b182a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "FEDORA-2015-9f8f4b182a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-9f8f4b182a",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"refsource": "MLIST",
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76894"
},
{
"name": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1335",
"datePublished": "2015-10-01T20:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:40:18.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1334 (GCVE-0-2015-1334)
Vulnerability from nvd – Published: 2015-08-12 14:00 – Updated: 2024-08-06 04:40
VLAI
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2015/dsa-3317 | vendor-advisoryx_refsource_DEBIAN |
| http://www.ubuntu.com/usn/USN-2675-1 | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://www.securityfocus.com/bid/75998 | vdb-entryx_refsource_BID |
| https://service.ait.ac.at/security/2015/LxcSecuri… | x_refsource_MISC |
| https://github.com/lxc/lxc/commit/5c3fcae78b63ac9… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2015-07-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"name": "USN-2675-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"name": "openSUSE-SU-2015:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"name": "75998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75998"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e"
},
{
"name": "openSUSE-SU-2015:1317",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "DSA-3317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"name": "USN-2675-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"name": "openSUSE-SU-2015:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"name": "75998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75998"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e"
},
{
"name": "openSUSE-SU-2015:1317",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3317",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"name": "USN-2675-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"name": "openSUSE-SU-2015:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"name": "75998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75998"
},
{
"name": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
"refsource": "MISC",
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"name": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e"
},
{
"name": "openSUSE-SU-2015:1317",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1334",
"datePublished": "2015-08-12T14:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:40:18.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1331 (GCVE-0-2015-1331)
Vulnerability from nvd – Published: 2015-08-12 14:00 – Updated: 2024-08-06 04:40
VLAI
Summary
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2015/dsa-3317 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/75999 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-2675-1 | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisoryx_refsource_SUSE |
| https://service.ait.ac.at/security/2015/LxcSecuri… | x_refsource_MISC |
| https://github.com/lxc/lxc/commit/72cf81f6a3404e3… | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2015-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"name": "75999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75999"
},
{
"name": "USN-2675-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"name": "openSUSE-SU-2015:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "DSA-3317",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"name": "75999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75999"
},
{
"name": "USN-2675-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"name": "openSUSE-SU-2015:1315",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3317",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"name": "75999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75999"
},
{
"name": "USN-2675-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"name": "openSUSE-SU-2015:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"name": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
"refsource": "MISC",
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"name": "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1331",
"datePublished": "2015-08-12T14:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:40:18.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-39402 (GCVE-0-2026-39402)
Vulnerability from cvelistv5 – Published: 2026-05-05 20:45 – Updated: 2026-05-06 14:57
VLAI
Title
lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion
Summary
lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a deletion request, the interface name comparison can set the authorization flag based on a name match alone, even when the ownership, type, and link fields in that database entry belong to a different user. The vulnerable check sits after the goto next label handling, meaning it is reachable on lines where earlier ownership checks failed or were skipped. Because nothing downstream of this authorization signal re-verifies that the matched database line actually belongs to the caller, an unprivileged attacker with a valid lxc-usernet policy entry can trigger deletion of another user's OVS port on the same bridge.
This is limited to multi-tenant environments using lxc-user-nic with OpenVSwitch bridges. The impact is denial of service - one tenant can repeatedly disconnect networking from containers run by another tenant on shared infrastructure. This is patched in version 7.0.0.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/lxc/lxc/security/advisories/GH… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39402",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:57:00.498118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:57:40.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lxc",
"vendor": "lxc",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a deletion request, the interface name comparison can set the authorization flag based on a name match alone, even when the ownership, type, and link fields in that database entry belong to a different user. The vulnerable check sits after the goto next label handling, meaning it is reachable on lines where earlier ownership checks failed or were skipped. Because nothing downstream of this authorization signal re-verifies that the matched database line actually belongs to the caller, an unprivileged attacker with a valid lxc-usernet policy entry can trigger deletion of another user\u0027s OVS port on the same bridge. \n\nThis is limited to multi-tenant environments using lxc-user-nic with OpenVSwitch bridges. The impact is denial of service - one tenant can repeatedly disconnect networking from containers run by another tenant on shared infrastructure. This is patched in version 7.0.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T20:45:24.107Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq"
}
],
"source": {
"advisory": "GHSA-3m9j-g9gc-vcvq",
"discovery": "UNKNOWN"
},
"title": "lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39402",
"datePublished": "2026-05-05T20:45:24.107Z",
"dateReserved": "2026-04-06T22:06:40.517Z",
"dateUpdated": "2026-05-06T14:57:40.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-47952 (GCVE-0-2022-47952)
Vulnerability from cvelistv5 – Published: 2023-01-01 00:00 – Updated: 2025-04-10 19:16
VLAI
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
Severity
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"name": "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T19:15:58.513634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T19:16:28.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-21T22:06:16.179Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"name": "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47952",
"datePublished": "2023-01-01T00:00:00.000Z",
"dateReserved": "2022-12-24T00:00:00.000Z",
"dateUpdated": "2025-04-10T19:16:28.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18641 (GCVE-0-2017-18641)
Vulnerability from cvelistv5 – Published: 2020-02-10 00:30 – Updated: 2024-08-05 21:28
VLAI
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:28:55.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T00:30:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18641",
"datePublished": "2020-02-10T00:30:50.000Z",
"dateReserved": "2020-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:28:55.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5736 (GCVE-0-2019-5736)
Vulnerability from cvelistv5 – Published: 2019-02-11 00:00 – Updated: 2024-08-04 20:01
VLAI
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
66 references
Date Public
2019-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"name": "RHSA-2019:0408",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rancher/runc-cve"
},
{
"name": "RHSA-2019:0401",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"name": "RHSA-2019:0303",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"name": "46359",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"name": "46369",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"name": "RHSA-2019:0304",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"tags": [
"x_transferred"
],
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"name": "106976",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "FEDORA-2019-bc70b381ad",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"name": "FEDORA-2019-6174b47003",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"tags": [
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"name": "RHSA-2019:0975",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"tags": [
"x_transferred"
],
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "FEDORA-2019-2baa1f7b19",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"name": "FEDORA-2019-c1dac1b3b8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2245",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"name": "openSUSE-SU-2019:2286",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "GLSA-202003-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T12:06:25.591Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"name": "RHSA-2019:0408",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"url": "https://github.com/rancher/runc-cve"
},
{
"name": "RHSA-2019:0401",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"name": "RHSA-2019:0303",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"name": "46359",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"name": "46369",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"name": "RHSA-2019:0304",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"name": "106976",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "FEDORA-2019-bc70b381ad",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"name": "FEDORA-2019-6174b47003",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"name": "RHSA-2019:0975",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "openSUSE-SU-2019:2021",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"name": "FEDORA-2019-2baa1f7b19",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"name": "FEDORA-2019-c1dac1b3b8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2245",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"name": "openSUSE-SU-2019:2286",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"name": "[oss-security] 20191023 Membership application for linux-distros - VMware",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"name": "GLSA-202003-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-5736",
"datePublished": "2019-02-11T00:00:00.000Z",
"dateReserved": "2019-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:01:52.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6556 (GCVE-0-2018-6556)
Vulnerability from cvelistv5 – Published: 2018-08-10 15:00 – Updated: 2024-09-17 03:38
VLAI
Title
The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
Summary
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
Severity
No CVSS data available.
CWE
- Incorrect access control
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/usn/usn-3730-1 | vendor-advisoryx_refsource_UBUNTU |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201808-02 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.suse.com/show_bug.cgi?id=988348 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
Date Public
2018-08-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3730-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"name": "GLSA-201808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXC",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.0*",
"status": "affected",
"version": "2.0.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "3.0.2",
"status": "unaffected"
}
],
"lessThan": "3.0*",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner from SUSE"
}
],
"datePublic": "2018-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-3730-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"name": "GLSA-201808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"name": "openSUSE-SU-2019:1227",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1230",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"name": "openSUSE-SU-2019:1275",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"source": {
"advisory": "USN-3730-1",
"defect": [
"1783591"
],
"discovery": "EXTERNAL"
},
"title": "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-08-06T16:00:00.000Z",
"ID": "CVE-2018-6556",
"STATE": "PUBLIC",
"TITLE": "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LXC",
"version": {
"version_data": [
{
"affected": "\u003e=",
"version_affected": "\u003e=",
"version_name": "2.0",
"version_value": "2.0.9"
},
{
"affected": "\u003e=",
"version_affected": "\u003e=",
"version_name": "3.0",
"version_value": "3.0.0"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "3.0",
"version_value": "3.0.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner from SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3730-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"name": "GLSA-201808-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=988348",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"name": "openSUSE-SU-2019:1227",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"name": "openSUSE-SU-2019:1230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"name": "openSUSE-SU-2019:1275",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
},
"source": {
"advisory": "USN-3730-1",
"defect": [
"1783591"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-6556",
"datePublished": "2018-08-10T15:00:00.000Z",
"dateReserved": "2018-02-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:26.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8649 (GCVE-0-2016-8649)
Vulnerability from cvelistv5 – Published: 2017-05-01 06:08 – Updated: 2024-08-06 02:27
VLAI
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
Severity
No CVSS data available.
CWE
- container bypass
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1398242 | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| https://github.com/lxc/lxc/commit/81f466d05f2a89c… | x_refsource_CONFIRM |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_CONFIRM |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94498 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | LXC before 1.0.9 and 2.x before 2.0.6 |
Affected:
LXC before 1.0.9 and 2.x before 2.0.6
|
Date Public
2017-05-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
},
{
"name": "94498",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LXC before 1.0.9 and 2.x before 2.0.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LXC before 1.0.9 and 2.x before 2.0.6"
}
]
}
],
"datePublic": "2017-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host\u0027s /proc, to access the rest of the host\u0027s filesystem via the openat() family of syscalls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "container bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T06:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
},
{
"name": "94498",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94498"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8649",
"datePublished": "2017-05-01T06:08:00.000Z",
"dateReserved": "2016-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:27:41.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5985 (GCVE-0-2017-5985)
Vulnerability from cvelistv5 – Published: 2017-03-14 17:00 – Updated: 2024-08-05 15:18
VLAI
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://lists.linuxcontainers.org/pipermail/lxc-d… | mailing-listx_refsource_MLIST |
| https://github.com/lxc/lxc/commit/16af238036a5464… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96777 | vdb-entryx_refsource_BID |
| https://bugs.launchpad.net/ubuntu/+source/lxc/+bu… | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-3224-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2017/03/09/4 | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2017-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"name": "96777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96777"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"name": "USN-3224-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn\u0027t verify network namespace ownership",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"name": "96777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96777"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"name": "USN-3224-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn\u0027t verify network namespace ownership",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
"refsource": "MLIST",
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"name": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"name": "96777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96777"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"name": "USN-3224-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"name": "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn\u0027t verify network namespace ownership",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5985",
"datePublished": "2017-03-14T17:00:00.000Z",
"dateReserved": "2017-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10124 (GCVE-0-2016-10124)
Vulnerability from cvelistv5 – Published: 2017-01-09 08:48 – Updated: 2024-08-06 03:14
VLAI
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC |
| http://www.securityfocus.com/bid/95404 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2015/09/03/5 | x_refsource_MISC |
| https://security.gentoo.org/glsa/201711-09 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/lxc/lxc/commit/e986ea3dfa4a295… | x_refsource_CONFIRM |
Date Public
2017-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"name": "95404",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95404"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"name": "GLSA-201711-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal\u0027s input buffer, allowing an attacker to escape the container."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-12T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"name": "95404",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95404"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"name": "GLSA-201711-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal\u0027s input buffer, allowing an attacker to escape the container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2014/12/15/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"name": "95404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95404"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/09/03/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"name": "GLSA-201711-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"name": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10124",
"datePublished": "2017-01-09T08:48:00.000Z",
"dateReserved": "2017-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1335 (GCVE-0-2015-1335)
Vulnerability from cvelistv5 – Published: 2015-10-01 20:00 – Updated: 2024-08-06 04:40
VLAI
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2015-09-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-9f8f4b182a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76894"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-31T20:06:03.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "FEDORA-2015-9f8f4b182a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76894"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1481",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-9f8f4b182a",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"refsource": "MLIST",
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76894"
},
{
"name": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name": "openSUSE-SU-2019:1481",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1335",
"datePublished": "2015-10-01T20:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:40:18.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-47952
Vulnerability from fkie_nvd - Published: 2023-01-01 06:15 - Updated: 2025-04-10 20:15
Severity
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56BE1A46-7BA1-4936-A2D1-723150A220BA",
"versionEndIncluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist."
},
{
"lang": "es",
"value": "lxc-user-nic en lxc hasta 5.0.1 est\u00e1 instalado con setuid root y puede permitir a los usuarios locales inferir si existe alg\u00fan archivo, incluso dentro de un \u00e1rbol de directorios protegido, porque \"Error al abrir\" a menudo indica que un archivo no existe. mientras que \"no se refiere a una ruta de espacio de nombres de red\" a menudo indica que existe un archivo. NOTA: esto es diferente de CVE-2018-6556 porque el dise\u00f1o de la correcci\u00f3n CVE-2018-6556 se bas\u00f3 en la premisa de que \"informaremos al usuario que open() fall\u00f3 pero el usuario no tiene forma de saber por qu\u00e9\". fallido\"; sin embargo, en muchos casos realistas, no hay razones plausibles para fallar excepto que el archivo no existe."
}
],
"id": "CVE-2022-47952",
"lastModified": "2025-04-10T20:15:17.877",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-01T06:15:09.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/MaherAzzouzi/CVE-2022-47952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2017-18641
Vulnerability from fkie_nvd - Published: 2020-02-10 01:15 - Updated: 2024-11-21 03:20
Severity
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:2.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "171010F6-2034-4373-B180-C5E75D533521",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers."
},
{
"lang": "es",
"value": "En LXC versi\u00f3n 2.0, muchos scripts de plantilla descargan c\u00f3digo por medio de texto sin cifrar HTTP, y omiten una comprobaci\u00f3n de firma digital, antes de ejecutarse en los contenedores de arranque."
}
],
"id": "CVE-2017-18641",
"lastModified": "2024-11-21T03:20:33.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-10T01:15:10.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-5736
Vulnerability from fkie_nvd - Published: 2019-02-11 19:29 - Updated: 2024-11-21 04:45
Severity
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A367C4FA-18DF-402F-B120-254B35F73BD1",
"versionEndExcluding": "18.09.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5",
"versionEndIncluding": "0.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "949172CC-EBB5-47F6-B987-207C802EED0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "093326B1-448C-4E3B-886D-CAC8B6813BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "F672C421-789D-4F21-B483-DA3EB251BA1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "48FAFDE5-1E73-4874-8F2E-3C74B1955096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9955945-7509-4542-BF83-B7BA0B4D8D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "55349BC5-90EC-4954-8CEB-3C37D34742C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2EB454-D0C9-47FC-B727-1D61A8811967",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF77BB2-6F7A-408A-9F54-60F1F53B3709",
"versionEndExcluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41FF9E5A-7BD1-477E-9875-8525FD87B13F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0695E0-954A-4533-9D93-58257E9EA6D5",
"versionEndExcluding": "1.4.3",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B8DF0-FCE4-42A7-A582-0476226C6188",
"versionEndExcluding": "1.5.3",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01878119-E05A-469B-B49D-5D19082CED28",
"versionEndExcluding": "1.6.2",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C",
"versionEndExcluding": "1.7.2",
"versionStartIncluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "632B24FA-F2D6-42B0-87C7-7F142E15EFC7",
"versionEndExcluding": "2.2.0-1.13.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD20FA7-737F-47C0-B2AC-735438253AA9",
"versionEndExcluding": "1.10.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5AE03E-3AC4-4439-9D0D-45E097B2552C",
"versionEndExcluding": "1.11.9",
"versionStartIncluding": "1.10.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5",
"versionEndExcluding": "1.12.1",
"versionStartIncluding": "1.11.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCFB2E7-D769-4365-9B99-952907563749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*",
"matchCriteriaId": "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82C0FD9D-6117-40DE-9386-7327867F9615",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."
},
{
"lang": "es",
"value": "runc, hasta la versi\u00f3n 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, as\u00ed, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gesti\u00f3n incorrecta del descriptor de archivos; esto est\u00e1 relacionado con /proc/self/exe."
}
],
"id": "CVE-2019-5736",
"lastModified": "2024-11-21T04:45:24.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-11T19:29:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rancher/runc-cve"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2019-5736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/runcescape"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/q3k/cve-2019-5736-poc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/rancher/runc-cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03913en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46359/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46369/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6556
Vulnerability from fkie_nvd - Published: 2018-08-10 15:29 - Updated: 2024-11-21 04:10
Severity
Summary
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 18.04 | |
| linuxcontainers | lxc | * | |
| linuxcontainers | lxc | * | |
| suse | caas_platform | 1.0 | |
| suse | caas_platform | 2.0 | |
| suse | openstack_cloud | 6 | |
| suse | suse_linux_enterprise_server | 11 | |
| suse | suse_linux_enterprise_server | 11 | |
| opensuse | leap | 15.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6930BFF7-B9DE-4C00-9417-01142E02D009",
"versionEndIncluding": "2.0.9",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618B173-83E7-4BFC-8AE8-22D6CDA7EB3A",
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:caas_platform:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44BF9D66-26B1-4BEA-BFA1-9115D06F0C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:caas_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85D9542F-8D5A-430B-9804-B8170E067CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:6:*:*:*:*:*:*:*",
"matchCriteriaId": "53945BEC-81F5-44F8-8035-7A4E5E2DA5B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "657C3582-75D1-4724-921C-FD4325D6D1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "41E76620-EC14-4D2B-828F-53F26DEA5DDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn\u0027t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."
},
{
"lang": "es",
"value": "Cuando se solicita a lxc-user-nic que elimine una interfaz de red, abrir\u00e1 de forma incondicional una ruta proporcionada por el usuario. Esta ruta de c\u00f3digo podr\u00eda ser empleada por un usuario sin privilegios para comprobar la existencia de una ruta que no hubiese podido alcanzar de otra forma. Tambi\u00e9n podr\u00eda emplearse para desencadenar efectos secundarios provocando la apertura (solo lectura) de archivos especiales del kernel (ptmx, proc, sys). Los productos afectados son LXC: desde la versi\u00f3n 2.0 hasta despu\u00e9s de la la 2.0.9 (incluida) y desde la versi\u00f3n 3.0 hasta despu\u00e9s de la 3.0.0, anterior a la 3.0.2."
}
],
"id": "CVE-2018-6556",
"lastModified": "2024-11-21T04:10:53.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-10T15:29:01.297",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=988348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201808-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3730-1"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-417"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8649
Vulnerability from fkie_nvd - Published: 2017-05-01 06:59 - Updated: 2026-05-13 00:24
Severity
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * | |
| linuxcontainers | lxc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83629BC8-27B7-479D-A128-EFA5630BB184",
"versionEndExcluding": "1.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B65EC152-48AC-43E9-A1DF-E76C953508A5",
"versionEndExcluding": "2.0.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host\u0027s /proc, to access the rest of the host\u0027s filesystem via the openat() family of syscalls."
},
{
"lang": "es",
"value": "lxc-attach en LXC entre las versiones 1.0.9 y 2.x hasta la versi\u00f3n 2.0.6 permite que un atacante dentro de un contenedor sin privilegios, utilice un descriptor de archivo heredado de la carpeta /proc del host para acceder al resto del sistema de archivos del host a trav\u00e9s de llamadas al sistema openat()."
}
],
"id": "CVE-2016-8649",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-01T06:59:00.157",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94498"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-8649"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5985
Vulnerability from fkie_nvd - Published: 2017-03-14 17:59 - Updated: 2026-05-13 00:24
Severity
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * | |
| linuxcontainers | lxc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD42973B-545C-4D49-8DDA-CB3A9D6C68F5",
"versionEndIncluding": "1.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A326DD9B-29E6-4253-8270-B9D85FF0E8AF",
"versionEndIncluding": "2.0.6",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check."
},
{
"lang": "es",
"value": "lxc-user-nic en Linux Containers (LXC) permite a usuarios locales con una asignaci\u00f3n lxc-usernet crear interfaces de red en el host y elegir el nombre de esas interfaces aprovechando la falta de verificaci\u00f3n de propiedad de netns."
}
],
"id": "CVE-2017-5985",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-14T17:59:00.183",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96777"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/03/09/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3224-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-10124
Vulnerability from fkie_nvd - Published: 2017-01-09 08:59 - Updated: 2026-05-06 22:30
Severity
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "174CEA20-CA6F-44BE-AC6F-301CE073C7EE",
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal\u0027s input buffer, allowing an attacker to escape the container."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Linux Containers (LXC) en versiones anteriores a 22-02-2016. Cuando se ejecuta un programa a trav\u00e9s de lxc-attach, la sesi\u00f3n no privada puede escapar a la sesi\u00f3n parental utilizando el ioctl TIOCSTI para presionar caracteres en el b\u00fafer de entrada del terminal, permitiendo a un atacante escapar del contenedor."
}
],
"id": "CVE-2016-10124",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-09T08:59:00.153",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95404"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201711-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/09/03/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201711-09"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1335
Vulnerability from fkie_nvd - Published: 2015-10-01 20:59 - Updated: 2026-05-06 22:30
Severity
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * | |
| linuxcontainers | lxc | 1.1.0 | |
| linuxcontainers | lxc | 1.1.1 | |
| linuxcontainers | lxc | 1.1.2 | |
| linuxcontainers | lxc | 1.1.3 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7C740C-6A6C-4282-A3E2-A0235E0B0CD0",
"versionEndIncluding": "1.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5A5655-2884-40DA-9727-63F3DD0CE414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9ECBC3-1412-4965-86B0-AE8406CE9575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42727902-18EA-4A84-A794-837F7A26690C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E279D4-3B92-4548-AA15-A7CD8348D877",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
},
{
"lang": "es",
"value": "lxc-start en lxc en versiones anteriores a 1.0.8 y 1.1x en versiones anteriores a 1.1.4, permite a los administradores locales del contenedor escapar del confinamiento AppArmor a trav\u00e9s de un ataque de enlace simb\u00f3lico en un (1) montaje destino o (2) enlace a la fuente de montaje."
}
],
"id": "CVE-2015-1335",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-01T20:59:00.100",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"source": "security@ubuntu.com",
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"source": "security@ubuntu.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/76894"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"source": "security@ubuntu.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"source": "security@ubuntu.com",
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1334
Vulnerability from fkie_nvd - Published: 2015-08-12 14:59 - Updated: 2026-05-06 22:30
Severity
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42FBB3-FE4C-462D-BF7C-84A64DC5ED25",
"versionEndIncluding": "1.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label."
},
{
"lang": "es",
"value": "attach.c en LXC 1.1.2 y en versiones anteriores utiliza el sistema de archivos proc en un contenedor, lo que permite a usuarios del contenedor local escapar del confinamiento AppArmor o SELinux montando un sistema de archivos proc con un (1) perfil AppArmor o (2) una etiqueta SELinux manipulados."
}
],
"id": "CVE-2015-1334",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-12T14:59:05.590",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/75998"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"source": "security@ubuntu.com",
"url": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e"
},
{
"source": "security@ubuntu.com",
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1331
Vulnerability from fkie_nvd - Published: 2015-08-12 14:59 - Updated: 2026-05-06 22:30
Severity
Summary
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxcontainers | lxc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D42FBB3-FE4C-462D-BF7C-84A64DC5ED25",
"versionEndIncluding": "1.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*."
},
{
"lang": "es",
"value": "Vulnerabilidad en\u00a0lxclock.c en LXC 1.1.2 y versiones anteriores, permite a usuarios locales crear archivos arbitrarios a trav\u00e9s de un ataque symlink en /run/lock/lxc/*."
}
],
"id": "CVE-2015-1331",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-12T14:59:03.823",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "security@ubuntu.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"source": "security@ubuntu.com",
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/75999"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842"
},
{
"source": "security@ubuntu.com",
"url": "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6"
},
{
"source": "security@ubuntu.com",
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2675-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}