Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Dec 2015 11:55:14 -0500 (EST)
From: Vladis Dronov <>
Subject: CVE request -- linux kernel: overlay: fix permission checking for

If possible, we would like to obtain a CVE-ID for the following security issue.
I was not able to find an already-assigned CVE-ID for this.

A flaw was found in the overlay filesystem of the Linux kernel which allows
an unprivileged user to change attributes of the files in the overlay,
particularly allowing access to root-only-accessible files like '/etc/shadow'.

References: - Red Hat public Bugzilla
- an upstream Linux kernel commit fixing the issue.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ