CVE-2015-1335
https://notcve.org/view.php?id=CVE-2015-1335
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. lxc-start en lxc en versiones anteriores a 1.0.8 y 1.1x en versiones anteriores a 1.1.4, permite a los administradores locales del contenedor escapar del confinamiento AppArmor a través de un ataque de enlace simbólico en un (1) montaje destino o (2) enlace a la fuente de montaje. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html http://www.debian.org/security/2015/dsa-3400 http://www.openwall.com/lists/oss-security/2015/09/29/4 http:/ • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2015-1334
https://notcve.org/view.php?id=CVE-2015-1334
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. attach.c en LXC 1.1.2 y en versiones anteriores utiliza el sistema de archivos proc en un contenedor, lo que permite a usuarios del contenedor local escapar del confinamiento AppArmor o SELinux montando un sistema de archivos proc con un (1) perfil AppArmor o (2) una etiqueta SELinux manipulados. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html http://www.debian.org/security/2015/dsa-3317 http://www.securityfocus.com/bid/75998 http://www.ubuntu.com/usn/USN-2675-1 https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html • CWE-17: DEPRECATED: Code •
CVE-2015-1331
https://notcve.org/view.php?id=CVE-2015-1331
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. Vulnerabilidad en lxclock.c en LXC 1.1.2 y versiones anteriores, permite a usuarios locales crear archivos arbitrarios a través de un ataque symlink en /run/lock/lxc/*. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html http://www.debian.org/security/2015/dsa-3317 http://www.securityfocus.com/bid/75999 http://www.ubuntu.com/usn/USN-2675-1 https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842 https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6 https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2013-6441
https://notcve.org/view.php?id=CVE-2013-6441
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. La plantilla lxc-sshd (templates/lxc-sshd.in) en LXC anterior a 1.0.0.beta2 utiliza permisos de lectura-escritura cuando monta /sbin/init, lo que permite a usuarios locales ganar privilegios mediante la modificación del archivo init. • http://www.ubuntu.com/usn/USN-2104-1 https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045 https://github.com/dotcloud/lxc/pull/1 https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2 • CWE-264: Permissions, Privileges, and Access Controls •