Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Lxc
(Linuxcontainers)| Repositories |
• https://github.com/lxc/lxc
• https://github.com/opencontainers/runc |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-10 | CVE-2017-18641 | In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. | Lxc | N/A | ||
| 2017-03-14 | CVE-2017-5985 | lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. | Lxc | 3.3 | ||
| 2018-08-10 | CVE-2018-6556 | lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. | Ubuntu_linux, Lxc, Leap, Caas_platform, Openstack_cloud, Suse_linux_enterprise_server | 3.3 | ||
| 2015-10-01 | CVE-2015-1335 | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | Ubuntu_linux, Lxc | N/A | ||
| 2015-08-12 | CVE-2015-1334 | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. | Lxc | N/A | ||
| 2015-08-12 | CVE-2015-1331 | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | Lxc | N/A | ||
| 2017-05-01 | CVE-2016-8649 | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | Lxc | 9.1 | ||
| 2017-01-09 | CVE-2016-10124 | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container. | Lxc | 8.6 | ||
| 2014-02-14 | CVE-2013-6441 | The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. | Lxc | N/A |