Описание
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:linuxcontainers:lxd:-:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00315
Низкий
7 High
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-362
Связанные уязвимости
CVSS3: 7
ubuntu
почти 7 лет назад
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
CVSS3: 7
debian
почти 7 лет назад
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsa ...
EPSS
Процентиль: 54%
0.00315
Низкий
7 High
CVSS3
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-362