4 matches found
CVE-2015-1340
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice...
CVE-2015-1340
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice...
CVE-2015-1340
CVE-2015-1340 describes a TOCTOU race in LXD’s container path handling: an unsafe chmod in doUidshiftIntoContainer() that races with Filepath.Walk(), allowing a symlink created in the window to let an attacker set arbitrary file modes. Affected: LXD prior to 0.19-0ubuntu5. Impact: potential modif...
CVE-2015-1340 chmod race in doUidshiftIntoContainer
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice...