Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2015-1335

Published: 01/10/2015 Updated: 31/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Lxc

Vulnerability Summary

lxc-start in lxc prior to 1.0.8 and 1.1.x prior to 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.

Vulnerable Product Search on Vulmon Subscribe to Product

linuxcontainers lxc 1.1.2

linuxcontainers lxc 1.1.3

linuxcontainers lxc

linuxcontainers lxc 1.1.0

linuxcontainers lxc 1.1.1

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

Vendor Advisories

Debian CVElist Bug Report Logs: lxc: CVE-2015-1335
Debian Bug report logs - #800471 lxc: CVE-2015-1335 Package: src:lxc; Maintainer for src:lxc is pkg-lxc <pkg-lxc-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 29 Sep 2015 20:36:01 UTC Severity: serious Tags: fixed-upstream, patch, security, upstream Found in version ...
Ubuntu Security Notice: lxc vulnerability
LXC could be made to start containers without AppArmor confinement or access the host filesystem ...
Debian Security Advisories: DSA-3400-1 lxc -- security update
Roman Fiedler discovered a directory traversal flaw in LXC, the Linux Containers userspace tools A local attacker with access to a LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container For the stable distribution (jessie), this problem h ...

References

CWE-59https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.htmlhttp://www.ubuntu.com/usn/USN-2753-1http://www.openwall.com/lists/oss-security/2015/09/29/4https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289behttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/76894http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.htmlhttp://www.debian.org/security/2015/dsa-3400http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.htmlhttp://lists.opensuse.org/opensuse-updates/2015-10/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800471https://usn.ubuntu.com/2753-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook