Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Mar 2017 10:55:12 -0600
From: Tyler Hicks <>
Cc: St├ęphane Graber <>
Subject: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace

Jann Horn discovered that the lxc-user-nic program could be tricked into
operating on a network namespace over which the caller did not hold

The behavior didn't follow what was documented in the lxc-user-nic(1)
man page:

 It ensures that the calling user is privileged over the network
 namespace to which the interface will be attached.

This issue is CVE-2017-5985.


Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ