LXD prior to 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 15.10 |
||
canonical ubuntu linux 16.04 |
||
canonical lxd |