4 matches found
EUVD-2016-2676
Malware in sbrugna...
Information Disclosure
github.com/lxc/lxd is vulnerable to information disclosure. This is because it uses world-readable permissions for /var/lib/lxd/zfs.imgwhen setting up a ZFS pool. Using this flaw local users can read and copy data from arbitrary containers...
CVE-2016-1581
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors...
USN-2988-1 lxd vulnerabilities
Robie Basak discovered that LXD incorrectly set permissions when setting up a loop based ZFS pool. A local attacker could use this issue to copy and read the data of any LXD container. CVE-2016-1581 Robie Basak discovered that LXD incorrectly set permissions when switching an unprivileged contain...