Vulnerabilities

CVE-2015-1340

by Fred · 22/04/2019

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker’s choice.

Date published : 2019-04-22

https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4

Similar

Tags: Cybersecurity Alert