LXC CVE-2016-8649 Directory Traversal Vulnerability

Bugtraq ID: 94498
Class: Input Validation Error
CVE: CVE-2016-8649
Remote: Yes
Local: No
Author: Roman Fiedler (Austrian Institute of Technology)

SUMMARY

An attacker can use readily available commands and tools to exploit this issue.

VULNERABILITY DESCRIPTION

LXC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue using directory-traversal characters (‘../’) to access or read arbitrary files outside of the restricted directory, obtain the sensitive information they contain, and perform other attacks.

Vulnerable Versions

  • Ubuntu Ubuntu Linux 16.10
  • Ubuntu Ubuntu Linux 16.04 LTS
  • Ubuntu Ubuntu Linux 14.04 LTS
  • LXC LXC 2.0.5
  • LXC LXC 2.0.4
  • LXC LXC 2.0.3
  • LXC LXC 2.0.2
  • LXC LXC 2.0.1
  • LXC LXC 2.0
  • LXC LXC 1.0.8
  • LXC LXC 1.0.7
  • LXC LXC 1.0.6
  • LXC LXC 1.0.5
  • LXC LXC 1.0.4
  • LXC LXC 1.0.3
  • LXC LXC 1.0.2
  • LXC LXC 1.0.1
  • LXC LXC 1.0.0

MITIGATION

Updates are available. Please see the references or vendor advisory for more information.

References