Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.3
CVSSv3

CVE-2018-6556

Published: 10/08/2018 Updated: 31/05/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Ubuntu Linux

Vulnerability Summary

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, before 3.0.2.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 18.04

linuxcontainers lxc

suse suse linux enterprise server 11

suse caas platform 2.0

suse openstack cloud 6

suse caas platform 1.0

opensuse leap 15.0

Vendor Advisories

Debian CVElist Bug Report Logs: lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open arbitrary files
Debian Bug report logs - #905586 lxc: CVE-2018-6556: lxc-user-nic allows unprivileged users to open arbitrary files Package: src:lxc; Maintainer for src:lxc is pkg-lxc <pkg-lxc-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 6 Aug 2018 17:12:02 UTC Severity: grave Tag ...
Ubuntu Security Notice: lxc vulnerability
LXC would allow unintended access to files ...
Arch Linux Issues:
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, s ...

Github Repositories

https://github.com/MaherAzzouzi/CVE-2022-47952

LXC Information Disclosure vulnerability.

[Suggested description] lxc-user-nic in lxc through 501 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists NOTE: this is diff

References

CWE-417https://usn.ubuntu.com/usn/usn-3730-1https://bugzilla.suse.com/show_bug.cgi?id=988348https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591https://security.gentoo.org/glsa/201808-02http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905586https://usn.ubuntu.com/3730-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook