Lucene search

K

Veracode Vulnerability DatabaseVERACODE:28432

HistoryDec 06, 2020 - 4:35 a.m.

Authorization Bypass

2020-12-0604:35:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

authorization bypass

lxc

vulnerability

functional level access

local users

network interfaces

host

netns ownership check

EPSS

0

Percentile

5.1%

lxc is vulnerable to authorization bypass. The vulnerability exists through missing functional level access which allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.

References

lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html

www.openwall.com/lists/oss-security/2017/03/09/4

www.securityfocus.com/bid/96777

www.ubuntu.com/usn/USN-3224-1

bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676

github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9

lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html

security-tracker.debian.org/tracker/CVE-2017-5985

EPSS

0

Percentile

5.1%

Related for VERACODE:28432

nessus4 prion1 osv2 nvd1 debiancve1 ubuntucve1 openvas3 cve1 ubuntu1 cvelist1 archlinux1 mageia1 suse1