The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
References
Link | Resource |
---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360 | Mailing List Patch Vendor Advisory |
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1576.html | Third Party Advisory |
http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/ | Exploit Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/02/24/8 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/10/18/1 | Mailing List Third Party Advisory |
https://bugs.launchpad.net/bugs/1535150 | Third Party Advisory |
https://launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxid-file.patch | Mailing List Patch Third Party Advisory |
https://launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-upper-moun.patch | Mailing List Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2016-05-02T10:00:00
Updated: 2021-10-18T20:06:10
Reserved: 2016-01-12T00:00:00
Link: CVE-2016-1576
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-05-02T10:59:24.487
Modified: 2022-04-18T17:59:39.373
Link: CVE-2016-1576
JSON object: View
Redhat Information
No data.
CWE