CVE-2015-1342

Sažetak

LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

Reference

http://www.ubuntu.com/usn/USN-2813-1
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-12-2015 - 20:37

Objavljeno

07-12-2015 - 20:59