Описание
LXD vulnerable to Race Condition
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Specific Go Packages Affected
github.com/lxc/lxd/shared
Пакеты
github.com/lxc/lxd
< 0.0.0-20151004155856-19c6961cc101
0.0.0-20151004155856-19c6961cc101
Связанные уязвимости
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsa ...