CVE-2015-1340

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7 HIGH
PHYSICAL
HIGH
LOW
CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
canonicalCNA
7 HIGH
PHYSICAL
HIGH
LOW
CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
linuxcontainerslxd
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lxd
bookworm
5.0.2-5
fixed
sid
5.0.2+git20231211.1364ae4-7
fixed
trixie
5.0.2+git20231211.1364ae4-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lxd
xenial
not-affected
wily
not-affected
vivid
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4