3.3

CVE-2017-5985

lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxcontainersLxc Version <= 1.0.9
LinuxcontainersLxc Version >= 2.0.0 <= 2.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.253
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
http://www.openwall.com/lists/oss-security/2017/03/09/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96777
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3224-1
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Third Party Advisory
https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
Patch
Issue Tracking
https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html
Vendor Advisory