19 matches found
runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration
A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections...
Symlink Bypass
github.com/opencontainers/runc is vulnerable to Symlink Attack. The vulnerability exists because the proc and sysfs attributes do not properly check whether the destination is a symlink or not, which allows an attacker to bypass the AppArmor or SELinux when /proc inside the container is symlinked...
SUSE SLES12 Security Update : runc (SUSE-SU-2023:1726-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1726-1 advisory. - runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that...
Design/Logic Flaw
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
CVE-2023-28642 AppArmor bypass with symlinked /proc in runc
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
CVE-2023-28642
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
runc 后置链接漏洞
runc is a CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions prior to 1.1.5, which stems from the fact that AppArmor can be bypassed when /proc within a container is symlinked with a specific...
SUSE CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
runC: Container breakout
Background runC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability in runC could allow an attacker to achieve privilege escalation if specific mount configuration prerequisites are satisfied. Impact An attacker may be able to escalati...
DEBIAN-CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
UBUNTU-CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition...
CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration...
PT-2019-8956 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.1-23824 Description: The issue allows remote authenticated users to obtain sensitive information due to an information exposure vulnerability in the /usr/syno/etc/mount.conf configuration...
Server: Users can mount the local filesystem
Due to not properly sanitzing the mount configuration authenticated users are able to mount the local filesystem into their ownCloud. A successful exploit requires the filesexternal app to be enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4....
CVE-2014-2585
ownCloud before 5.0.15 and 6.x before 6.0.2, when the fileexternal app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration...
Design/Logic Flaw
ownCloud before 5.0.15 and 6.x before 6.0.2, when the fileexternal app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration...
CVE-2014-2585
ownCloud before 5.0.15 and 6.x before 6.0.2, when the fileexternal app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration...
CVE-2014-2585
ownCloud before 5.0.15 and 6.x before 6.0.2, when the fileexternal app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration...