Lucene search

Gentoo FoundationMGASA-2014-0102

HistoryFeb 26, 2014 - 10:23 p.m.

Updated lxc packages fix security vulnerability

2014-02-2622:23:25

Gentoo Foundation

advisories.mageia.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

Florian Sagar discovered that the LXC sshd template set incorrect mount permissions. An attacker could possibly use this flaw to cause privilege escalation on the host (CVE-2013-6441).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchlxc< 0.8.0-1.2lxc-0.8.0-1.2.mga3
Mageia4noarchlxc< 0.9.0-5.1lxc-0.9.0-5.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	lxc	< 0.8.0-1.2	lxc-0.8.0-1.2.mga3
Mageia	4	noarch	lxc	< 0.9.0-5.1	lxc-0.9.0-5.1.mga4

References

www.ubuntu.com/usn/usn-2104-1/

bugs.mageia.org/show_bug.cgi?id=12760

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

Related for MGASA-2014-0102