CVE-2015-1334

CWE-1713 documents9 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 72.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxcontainers LXC

Timeline

PublishedAug 12

Latest updateMay 14

Description

attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDlinuxcontainers/lxc1.1.2

▶Debianlxc< 1:1.0.7-4+3

🔴Vulnerability Details

GHSA

GHSA-6mfm-72fc-9558: attach↗2022-05-14

▶

OSV

CVE-2015-1334: attach↗2015-08-12

▶

CVEList

CVE-2015-1334: attach↗2015-08-12

▶

OSV

lxc vulnerabilities↗2015-07-22

▶

💥Exploits & PoCs

Exploit-DB

AIX 7.1 - 'lquerylv' Local Privilege Escalation↗2015-10-30

▶

📋Vendor Advisories

Ubuntu

LXC vulnerabilities↗2015-07-22

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

Debian

CVE-2015-1334: lxc - attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which...↗2015

▶

💬Community

Bugzilla

CVE-2015-1334 lxc: possible unconfined code execution↗2015-07-23

▶

Bugzilla

CVE-2015-1331 CVE-2015-1334 lxc: various flaws [epel-all]↗2015-07-23

▶

Bugzilla

CVE-2015-1331 CVE-2015-1334 lxc: various flaws [fedora-all]↗2015-07-23

▶

Bugzilla

CVE-2014-1334 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶