LXC CVE-2015-1331 Local Directory Traversal Vulnerability

Bugtraq ID: 75999
Class: Input Validation Error
CVE: CVE-2015-1331
Remote: No
Local: Yes
Author: Roman Fiedler (Austrian Institute of Technology)

SUMMARY

An attacker can use readily available commands and tools to exploit this issue.

VULNERABILITY DESCRIPTION

LXC is prone to a local directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

A local attacker could exploit this vulnerability using directory-traversal characters (‘../’) to create an arbitrary file as the root user.

VULNERABLE VERSIONS

  • Debian Linux 6.0 sparc
  • Debian Linux 6.0 s/390
  • Debian Linux 6.0 powerpc
  • Debian Linux 6.0 mips
  • Debian Linux 6.0 ia-64
  • Debian Linux 6.0 ia-32
  • Debian Linux 6.0 arm
  • Debian Linux 6.0 amd64

MITIGATION

Updates are available. Please see the references or vendor advisory for more information.

REFERENCES