CVE-2015-1331

CWE-5912 documents8 sources
Severity
4.9MEDIUM
EPSS
0.0%
top 85.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linuxcontainers LXC
Timeline
PublishedAug 12
Latest updateMay 14

Description

lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.

CVSS vector

AV:L/AC:L/C:N/I:C/A:NExploitability: 3.9 | Impact: 6.9

Affected Packages3 packages

Debianlxc< 1:1.0.7-4+3
Ubuntulxc< 1.0.7-0ubuntu0.2

🔴Vulnerability Details

4
GHSA
GHSA-h6rp-phmv-c3rw: lxclock2022-05-14
CVEList
CVE-2015-1331: lxclock2015-08-12
OSV
CVE-2015-1331: lxclock2015-08-12
OSV
lxc vulnerabilities2015-07-22

📋Vendor Advisories

3
Ubuntu
LXC vulnerabilities2015-07-22
Red Hat
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)2015-01-26
Debian
CVE-2015-1331: lxc - lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files ...2015

💬Community

4
Bugzilla
CVE-2015-1331 lxc: directory traversal flaw2015-07-23
Bugzilla
CVE-2015-1331 CVE-2015-1334 lxc: various flaws [epel-all]2015-07-23
Bugzilla
CVE-2015-1331 CVE-2015-1334 lxc: various flaws [fedora-all]2015-07-23
Bugzilla
CVE-2014-1331 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)2015-01-27
CVE-2015-1331 (MEDIUM CVSS 4.9) | lxclock.c in LXC 1.1.2 and earlier | cvebase.io