Lucene search
GoogleOSV:GHSA-8MPQ-FMR3-6JXVHistoryMay 24, 2022 - 4:44 p.m.
LXD vulnerable to Race Condition
2022-05-2416:44:07
Google
osv.dev
2
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker’s choice.
Specific Go Packages Affected
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/lxc/lxd | lt | 0.0.0-20151004155856-19c6961cc101 |
Related
cve
cve
CVE-2015-1340
2019-04-22 16:29:00
ubuntucve
ubuntucve
CVE-2015-1340
2019-04-22 00:00:00
debiancve
debiancve
CVE-2015-1340
2019-04-22 16:29:00
osv
osv
Race condition in github.com/lxc/lxd
2021-04-14 20:04:52
veracode
veracode
Chmod Race Condition
2017-05-03 06:31:32
nvd
nvd
CVE-2015-1340
2019-04-22 16:29:00
cvelist
cvelist
CVE-2015-1340 chmod race in doUidshiftIntoContainer
2015-10-02 00:00:00
prion
prion
Design/Logic Flaw
2019-04-22 16:29:00
github
github
LXD vulnerable to Race Condition
2022-05-24 16:44:07