CVE-2015-1335
Debian Security Advisory 3400-1
Descriptions
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Roman Fiedler discovered a directory traversal flaw in LXC, the Linux Containers userspace tools. A local attacker with access to a LXC container could exploit this flaw to run programs inside the container that are not confined by AppArmor or expose unintended files in the host to the container.
Timeline
- 2015-01-22 CVE Reserved
- 2015-09-30 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (13)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/09/29/4 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/76894 | Vdb Entry | |
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662 | X_refsource_confirm | |
https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html | 2019-05-31 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linuxcontainers | Lxc | <= 1.0.7 | - | Affected |
Linuxcontainers | Lxc | 1.1.0 | - | Affected |
Linuxcontainers | Lxc | 1.1.1 | - | Affected |
Linuxcontainers | Lxc | 1.1.2 | - | Affected |
Linuxcontainers | Lxc | 1.1.3 | - | Affected |
Canonical | Ubuntu Linux | 14.04 | lts | Affected |
Canonical | Ubuntu Linux | 15.04 | - | Affected |