Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-6556

Опубликовано: 10 авг. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 2.1
CVSS3: 3.3

Описание

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

РелизСтатусПримечание
bionic

released

3.0.1-0ubuntu1~18.04.2
devel

released

3.0.1-0ubuntu2
esm-infra-legacy/trusty

not-affected

1.0.10-0ubuntu1.1
esm-infra/bionic

released

3.0.1-0ubuntu1~18.04.2
esm-infra/xenial

not-affected

2.0.8-0ubuntu1~16.04.2
precise/esm

DNE

trusty

not-affected

1.0.10-0ubuntu1.1
trusty/esm

not-affected

1.0.10-0ubuntu1.1
upstream

needs-triage

xenial

not-affected

2.0.8-0ubuntu1~16.04.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 18%
0.00056
Низкий

2.1 Low

CVSS2

3.3 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-6556

CVSS3: 3.3
nvd
больше 7 лет назад

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

debian логотип

CVE-2018-6556

CVSS3: 3.3
debian
больше 7 лет назад

lxc-user-nic when asked to delete a network interface will uncondition ...

suse-cvrf логотип

openSUSE-SU-2018:2316-1

suse-cvrf
больше 7 лет назад

Security update for lxc

github логотип

GHSA-xg68-6jxg-5w7p

CVSS3: 3.3
github
больше 3 лет назад

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

fstec логотип

BDU:2020-01714

CVSS3: 3.3
fstec
больше 7 лет назад

Уязвимость системы виртуализации LXC, связанная с ошибкой предоставления пользователю доступа, при запросе удаления сетевого интерфейса, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 18%
0.00056
Низкий

2.1 Low

CVSS2

3.3 Low

CVSS3