7.2

CVE-2015-1335

lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxcontainersLxc Version <= 1.0.7
LinuxcontainersLxc Version1.1.0
LinuxcontainersLxc Version1.1.1
LinuxcontainersLxc Version1.1.2
LinuxcontainersLxc Version1.1.3
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.363
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html
http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html
http://www.debian.org/security/2015/dsa-3400
http://www.openwall.com/lists/oss-security/2015/09/29/4
http://www.securityfocus.com/bid/76894
http://www.ubuntu.com/usn/USN-2753-1
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662
https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html
Patch
Vendor Advisory