Note:
This project will be discontinued after December 13, 2021. [more]
2016-05-02
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
Products | Linux_kernel |
Type | Improper Privilege Management (CWE-269) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/96838
• http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/ • http://www.openwall.com/lists/oss-security/2016/02/24/9 • https://sourceforge.net/p/aufs/mailman/message/34864744/ |