Bugtraq ID: 76894
Class: Input Validation Error
CVE: CVE-2015-1335
Remote: Yes
Local: No
Author: Roman Fiedler (Austrian Institute of Technology)
CVE: CVE-2015-1335
Remote: Yes
Local: No
Author: Roman Fiedler (Austrian Institute of Technology)
SUMMARY
An attacker can use readily available commands and tools to exploit this issue.
VULNERABILITY DESCRIPTION
LXC is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue using directory-traversal characters (‘../’) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
VULNERABLE VERSIONS
- Ubuntu Ubuntu Linux 15.04
- Ubuntu Ubuntu Linux 14.04 LTS
- Oracle Linux 0
- Oracle Enterprise Linux 7
- LXC LXC 1.1
- LXC LXC 1.0.0
- Debian Linux 6.0 sparc
- Debian Linux 6.0 s/390
- Debian Linux 6.0 powerpc
- Debian Linux 6.0 mips
- Debian Linux 6.0 ia-64
- Debian Linux 6.0 ia-32
- Debian Linux 6.0 arm
- Debian Linux 6.0 amd64
MITIGATION
Updates are available. Please see the references or vendor advisory for more information.