VYPR
High severityNVD Advisory· Published Apr 22, 2019· Updated Sep 17, 2024

chmod race in doUidshiftIntoContainer

CVE-2015-1340

Description

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/lxc/lxdGo
< 0.0.0-20151004155856-19c6961cc1010.0.0-20151004155856-19c6961cc101

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.