3 matches found
LXD vulnerable to Race Condition
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer has an unsafe Chmod call that races against the stat in the Filepath.Walk function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. Specific Go Packages Affected...
Chmod Race Condition
github.com/lxc/lxd contains a chmod Time-of-Check-Time-of-Use TOCTOU race condition. The vulnerability exists as the file descriptor to the entry that was processed was not validated...
Information Disclosure
github.com/lxc/lxd is vulnerable to information disclosure. This is because it uses world-readable permissions for /var/lib/lxd/zfs.imgwhen setting up a ZFS pool. Using this flaw local users can read and copy data from arbitrary containers...