[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1342Date: (C)2015-12-15   (M)2023-12-22


LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
USN-2813-1
https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
https://github.com/lxc/lxcfs/commit/a8b6c3e0537e90fba3c55910fd1b7229d54a60a7

CPE    2
cpe:/o:canonical:ubuntu_linux:15.10
cpe:/o:canonical:ubuntu_linux:15.04
CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:702848

© SecPod Technologies