Published: 19/02/2020 Updated: 28/02/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

OverlayFS in the Linux kernel prior to 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow malicious users to bypass security restrictions and perform unauthorized actions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
canonical ubuntu linux 10.04
canonical ubuntu linux 11.10

Several security issues were fixed in the kernel ...

#source: wwwsecurityfocuscom/bid/51529/info #OverlayFS is prone to a local security-bypass vulnerability #Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions #!/bin/bash ddir=`cat /proc/self/mountinfo | grep cgroup | grep devices | awk '{ print $5 }'` if [ "x$ddir" = "x" ]; then echo ...

CWE-862 http://www.ubuntu.com/usn/USN-1364-1 http://www.ubuntu.com/usn/USN-1363-1 http://www.ubuntu.com/usn/USN-1384-1 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-0055 http://www.openwall.com/lists/oss-security/2012/01/17/11 https://access.redhat.com/security/cve/cve-2012-0055 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941 https://nvd.nist.gov https://usn.ubuntu.com/1363-1/https://www.exploit-db.com/exploits/36571/

CVE-2012-0055

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect