Lucene search

Ubuntu.comUB:CVE-2016-10124

HistoryJan 09, 2017 - 12:00 a.m.

CVE-2016-10124

2017-01-0900:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.002

Percentile

60.1%

JSON

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When
executing a program via lxc-attach, the nonpriv session can escape to the
parent session by using the TIOCSTI ioctl to push characters into the
terminal’s input buffer, allowing an attacker to escape the container.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlxc< 1.0.10-0ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	lxc	< 1.0.10-0ubuntu1.1	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2016-10124

nvd.nist.gov/vuln/detail/CVE-2016-10124

security-tracker.debian.org/tracker/CVE-2016-10124

ubuntu.com/security/notices/USN-3375-1

www.cve.org/CVERecord?id=CVE-2016-10124

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.002

Percentile

60.1%

JSON

Related for UB:CVE-2016-10124