Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up

Related Vulnerabilities: CVE-2021-3847 CVE-2016-1575 CVE-2016-2853 CVE-2016-1576

Alon Zahavi writes:

Just funny, just hours before this mail I got 3 mails on different
overlayfs copy-up vulns, e.g.

"""
The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release

** Changed in: linux (Ubuntu Precise)
       Status: New => Won't Fix

-- 
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1534961
"""
...

[Bug 1534961] Re: CVE-2016-1575
[Bug 1547400] Re: CVE-2016-2853
[Bug 1535150] Re: CVE-2016-1576

So it is 5 years and not so much has changed :-)

Overlayfs and the like, where a lower-privileged user can simultaneously
access lower/upper AND the mounted file system, is extremely dangerous
and prone to so many vulns that nobody should use/allow that.

hd