Lucene search
Ubuntu.comUB:CVE-2013-1956HistoryApr 24, 2013 - 12:00 a.m.
CVE-2013-1956
2013-04-2400:00:00
ubuntu.com
ubuntu.com
11
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.1%
The create_user_ns function in kernel/user_namespace.c in the Linux kernel
before 3.8.6 does not check whether a chroot directory exists that differs
from the namespace root directory, which allows local users to bypass
intended filesystem restrictions via a crafted clone system call.
Bugs
Notes
| Author | Note |
|---|---|
| henrix | According to the author of the fix[1], kernels older than 3.8 simply not enough things were converted for most people to build a kernel with user namespaces enabled. [1] https://lkml.org/lkml/2013/10/22/349 |
Related
cvelist
cvelist
CVE-2013-1956
2013-04-24 19:00:00
cve
cve
CVE-2013-1956
2013-04-24 19:55:01
prion
prion
Design/Logic Flaw
2013-04-24 19:55:00
nvd
nvd
CVE-2013-1956
2013-04-24 19:55:01
debiancve
debiancve
CVE-2013-1956
2013-04-24 19:55:01
redhatcve
redhatcve
CVE-2013-1956
2015-10-30 10:15:11
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.1%
Related for UB:CVE-2013-1956