LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
References
Link | Resource |
---|---|
http://www.ubuntu.com/usn/USN-2988-1 | |
https://linuxcontainers.org/lxd/news/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2016-06-09T16:00:00
Updated: 2016-06-09T14:57:01
Reserved: 2016-01-12T00:00:00
Link: CVE-2016-1581
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-06-09T16:59:01.860
Modified: 2016-06-10T14:27:50.050
Link: CVE-2016-1581
JSON object: View
Redhat Information
No data.
CWE