CVE-2015-1334 - Code vulnerability in Linuxcontainers LXC
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2015-523.NASL
  description: lxc was updated to fix two security issues. The following vulnerabilities were fixed : - CVE-2015-1331: directory traversal flaw allowing arbitrary file creation as the root user (bnc#938522) - CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523)
  last seen: 2020-06-05
  modified: 2015-07-31
  plugin id: 85135
  published: 2015-07-31
  reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/85135
  title: openSUSE Security Update : lxc (openSUSE-2015-523)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-2675-1.NASL
  description: Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. (CVE-2015-1331) Roman Fiedler discovered that LXC incorrectly trusted the container
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84957
  published: 2015-07-23
  reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84957
  title: Ubuntu 14.04 LTS / 14.10 / 15.04 : lxc vulnerabilities (USN-2675-1)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2015-12608.NASL
  description: Security fix for CVE-2015-1331, CVE-2015-1334. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2015-08-11
  plugin id: 85313
  published: 2015-08-11
  reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/85313
  title: Fedora 23 : lxc-1.1.2-2.fc23 (2015-12608)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2015-12645.NASL
  description: Security fix for CVE-2015-1331, CVE-2015-1334. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2015-08-11
  plugin id: 85314
  published: 2015-08-11
  reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/85314
  title: Fedora 21 : lxc-1.0.7-2.fc21 (2015-12645)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2015-12647.NASL
  description: Security fix for CVE-2015-1331, CVE-2015-1334. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-05
  modified: 2015-08-11
  plugin id: 85315
  published: 2015-08-11
  reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/85315
  title: Fedora 22 : lxc-1.1.2-2.fc22 (2015-12647)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-3317.NASL
  description: Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-1331 Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. - CVE-2015-1334 Roman Fiedler discovered that LXC incorrectly trusted the container
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84993
  published: 2015-07-27
  reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84993
  title: Debian DSA-3317-1 : lxc - security update
- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2015-3065.NASL
  description: Description of changes: [1.0.7-2.0.7] - [Orabug 21533491] CVE-2015-1334: Don
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 85178
  published: 2015-08-03
  reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/85178
  title: Oracle Linux 6 / 7 : lxc (ELSA-2015-3065)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2015-524.NASL
  description: lxc was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523)
  last seen: 2020-06-05
  modified: 2015-07-31
  plugin id: 85136
  published: 2015-07-31
  reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/85136
  title: openSUSE Security Update : lxc (openSUSE-2015-524)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2019-1481.NASL
  description: This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 125668
  published: 2019-06-03
  reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/125668
  title: openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1481)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html
- http://www.debian.org/security/2015/dsa-3317
- http://www.securityfocus.com/bid/75998
- http://www.ubuntu.com/usn/USN-2675-1
- https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e
- https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html