Vulnerability type: Incorrect access control
Vendor: LXC
Products:
- LXC 2.0
- LXC 3.0
Vendor acknowledged: yes
Attack type: local
Impact: Information disclosure
Affected components: lxc-user-nic
Attack vectors: Manually passing a path that does not refer to a network namespace
Description:
lxc-user-nic (setuid) when asked to delete a network interface will
unconditionally open a user provided path.
This code path may be used by an unprivileged user to check for
the existence of a path which they wouldn't otherwise be able to reach.
Updated CVE paperwork:
Vulnerability type: Incorrect access control
Vendor: LXC
Products:
- LXC 2.0
- LXC 3.0
Vendor acknowledged: yes
Attack type: local
Impact: Information disclosure
Affected components: lxc-user-nic
Attack vectors: Manually passing a path that does not refer to a network namespace
Description:
lxc-user-nic (setuid) when asked to delete a network interface will
unconditionally open a user provided path.
This code path may be used by an unprivileged user to check for
the existence of a path which they wouldn't otherwise be able to reach.
It may also be used to trigger side effects by causing a (read-only) open /bugs.launchpad .net/ubuntu/ +source/ lxc/+bug/ 1783591 /bugzilla. suse.com/ show_bug. cgi?id= 988348
of special kernel files (ptmx, proc, sys).
References:
- https:/
- https:/
Credits: Matthias Gerstner from SUSE