CVE-2015-1340

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

Published: Apr 22, 2019
Updated: May 9, 2024
CVE: CVE-2015-1340
GHSA: GHSA-8mpq-fmr3-6jxv
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
github.com/lxc/lxd/shared	-	0.0.0-20151004155856-19c6961cc101
github.com/lxc/lxd	-	0.0.0-20151004155856-19c6961cc101

https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270
https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
https://github.com/lxc/lxd/pull/1189
https://pkg.go.dev/vuln/GO-2021-0071

Vulnerability Database

CVE-2015-1340

Deep Security Visibility Without the Complexity