CVE-2015-1340
7
CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ubuntu | LXD | unspecified < 0.19-0ubuntu5 | affected |
Weaknesses
- Race condition.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.