CVE-2015-1334 - Code vulnerability in Linuxcontainers LXC

CVSS 4.6 - MEDIUM

  • Attack vector: LOCAL
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Tags: local, low complexity, linuxcontainers, CWE-17, nessus

Summary

attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-523.NASL
    description: lxc was updated to fix two security issues. The following vulnerabilities were fixed: - CVE-2015-1331: directory traversal flaw allowing arbitrary file creation as the root user (bnc#938522) - CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523)
    last seen: 2020-06-05
    modified: 2015-07-31
    plugin id: 85135
    published: 2015-07-31
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85135
    title: openSUSE Security Update : lxc (openSUSE-2015-523)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2675-1.NASL
    description: Roman Fiedler discovered that LXC had a directory traversal flaw when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. (CVE-2015-1331) Roman Fiedler discovered that LXC incorrectly trusted the container
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84957
    published: 2015-07-23
    reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84957
    title: Ubuntu 14.04 LTS / 14.10 / 15.04 : lxc vulnerabilities (USN-2675-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-12608.NASL
    description: Security fix for CVE-2015-1331, CVE-2015-1334. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-08-11
    plugin id: 85313
    published: 2015-08-11
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85313
    title: Fedora 23 : lxc-1.1.2-2.fc23 (2015-12608)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-12645.NASL
    description: Security fix for CVE-2015-1331, CVE-2015-1334. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-08-11
    plugin id: 85314
    published: 2015-08-11
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85314
    title: Fedora 21 : lxc-1.0.7-2.fc21 (2015-12645)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2015-12647.NASL
    description: Security fix for CVE-2015-1331, CVE-2015-1334. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-08-11
    plugin id: 85315
    published: 2015-08-11
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85315
    title: Fedora 22 : lxc-1.1.2-2.fc22 (2015-12647)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3317.NASL
    description: Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2015-1331 Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user. - CVE-2015-1334 Roman Fiedler discovered that LXC incorrectly trusted the container
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 84993
    published: 2015-07-27
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/84993
    title: Debian DSA-3317-1 : lxc - security update
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-3065.NASL
    description: Description of changes: [1.0.7-2.0.7] - [Orabug 21533491] CVE-2015-1334: Don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85178
    published: 2015-08-03
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85178
    title: Oracle Linux 6 / 7 : lxc (ELSA-2015-3065)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-524.NASL
    description: lxc was updated to fix one security issue. The following vulnerability was fixed: - CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523)
    last seen: 2020-06-05
    modified: 2015-07-31
    plugin id: 85136
    published: 2015-07-31
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85136
    title: openSUSE Security Update : lxc (openSUSE-2015-524)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1481.NASL
    description: This update for lxc, lxcfs to version 3.1.0 fixes the following issues: Security issues fixed: - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed: - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125668
    published: 2019-06-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125668
    title: openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1481)