High severityNVD Advisory· Published Apr 22, 2019· Updated Sep 17, 2024
chmod race in doUidshiftIntoContainer
CVE-2015-1340
Description
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/lxc/lxdGo | < 0.0.0-20151004155856-19c6961cc101 | 0.0.0-20151004155856-19c6961cc101 |
Affected products
2- Ubuntu/LXDv5Range: unspecified
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-8mpq-fmr3-6jxvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-1340ghsaADVISORY
- bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270ghsaWEB
- github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4ghsax_refsource_MISCWEB
- github.com/lxc/lxd/pull/1189ghsaWEB
- pkg.go.dev/vuln/GO-2021-0071ghsaWEB
News mentions
0No linked articles in our index yet.