CVE-2015-1340

Summary

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

Affected Software

VendorProductVersion RangeStatus
UbuntuLXDunspecified < 0.19-0ubuntu5affected

Weaknesses

  • Race condition.

ADP Enrichment

CVE Program Container

Additional References

References