CVE-2015-1328
Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
7Exploited in Wild
-Decision
Descriptions
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
La implementación de overlayfs en el paquete linux (también conocido como kernel Linux) en versiones anteriores a 3.19.0-21.21 en Ubuntu hasta la versión 15.04 no comprueba adecuadamente permisos para la creación de archivos en el directorio de sistema de archivos upper, lo que permite a usuarios locales obtener acceso de root aprovechando una configuración donde overlayfs es permitido en un espacio de nombre de montaje arbitrario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-01-22 CVE Reserved
- 2015-06-15 CVE Published
- 2015-06-16 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2015/q2/717 | Mailing List |
|
| http://www.securityfocus.com/bid/75206 | Third Party Advisory | |
| https://security-tracker.debian.org/tracker/CVE-2015-1328 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/40688 | 2016-11-02 | |
| https://www.exploit-db.com/exploits/37293 | 2015-06-16 | |
| https://www.exploit-db.com/exploits/37292 | 2024-08-06 | |
| https://github.com/elit3pwner/CVE-2015-1328-GoldenEye | 2022-02-07 | |
| https://github.com/notlikethis/CVE-2015-1328 | 2021-06-26 | |
| https://github.com/SR7-HACKING/LINUX-VULNERABILITY-CVE-2015-1328 | 2020-05-12 | |
| http://www.exploit-db.com/exploits/40688 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html | 2017-09-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | <= 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version " <= 15.04" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.19 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.19" | - |
Affected
| ||||||