Date: Thu, 9 Mar 2017 10:55:12 -0600
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: Stéphane Graber <stgraber@...ntu.com>
Subject: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership

Jann Horn discovered that the lxc-user-nic program could be tricked into
operating on a network namespace over which the caller did not hold privilege.

The behavior didn't follow what was documented in the lxc-user-nic(1) man page:

  It ensures that the calling user is privileged over the network
  namespace to which the interface will be attached.

This issue is CVE-2017-5985.

https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
https://launchpad.net/bugs/1654676
https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9

Tyler