Bugtraq ID: 94498
Class: Input Validation Error
CVE: CVE-2016-8649
Remote: Yes
Local: No
Author: Roman Fiedler (Austrian Institute of Technology)
SUMMARY
An attacker can use readily available commands and tools to exploit this issue.
VULNERABILITY DESCRIPTION
LXC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue by using directory-traversal sequences (‘../’) to access or read arbitrary files outside of the restricted directory. The sensitive information obtained this way may aid in further attacks.
VULNERABLE VERSIONS
- Ubuntu Ubuntu Linux 16.10
- Ubuntu Ubuntu Linux 16.04 LTS
- Ubuntu Ubuntu Linux 14.04 LTS
- LXC LXC 2.0.5
- LXC LXC 2.0.4
- LXC LXC 2.0.3
- LXC LXC 2.0.2
- LXC LXC 2.0.1
- LXC LXC 2.0
- LXC LXC 1.0.8
- LXC LXC 1.0.7
- LXC LXC 1.0.6
- LXC LXC 1.0.5
- LXC LXC 1.0.4
- LXC LXC 1.0.3
- LXC LXC 1.0.2
- LXC LXC 1.0.1
- LXC LXC 1.0.0
MITIGATION
Updates are available. Please see the references or vendor advisory for more information.