CVE-2016-8649

Published: 01/05/2017 Updated: 26/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

lxc-attach in LXC prior to 1.0.9 and 2.x prior to 2.0.6 allows an attacker inside an unprivileged container to use an inherited file descriptor for the host's /proc to access the rest of the host's filesystem via the openat() family of syscalls.

Vulnerable Product

linuxcontainers lxc

Vendor Advisories

Debian Bug report logs - #845465
lxc: CVE-2016-8649: attach: do not send procfd to attached process
Package: src:lxc; Maintainer for src:lxc is pkg-lxc <pkg-lxc-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 23 Nov 2016 18:09:01 UTC; Severity: important; Tags: patch, se ...

LXC could be made to allow containers to access the host filesystem ...