blob: b3d7a9444acde26cc6c09b771a65cd0c77ec1d4d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Privilege escalation through userns, overlay mounts and setgid flag
References:
http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
Notes:
bwh> The exploit depends on unprivileged users being able to create user
bwh> namespaces (disallowed by default in Debian) and being able to mount
bwh> overlayfs within a user namespace (only allowed in Ubuntu). But it's
bwh> possible that an administrator might accidentally set up a
bwh> configuration that is exploitable.
bwh> jessie is affected by a similar issue with aufs substituting for
bwh> overlayfs.
Bugs:
upstream: released (4.5-rc1) [e9f57ebcba563e0cd532926cab83c92bb4d79360]
3.16-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
3.2-upstream-stable: N/A "Vulnerable code not present, introduced in e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)"
sid: released (4.5.1-1)
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
|