CVE-2016-10124

Severity
8.6 HIGH
EPSS
0.3%
top 48.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 9
Latest update May 17

Description

An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

Debian lxc < 1:2.0.0-1+3

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-97h5-fmw5-r7vf: An issue was discovered in Linux Containers (LXC) before 2016-02-22 (2022-05-17)
CVEList
CVE-2016-10124: An issue was discovered in Linux Containers (LXC) before 2016-02-22 (2017-01-09)
OSV
CVE-2016-10124: An issue was discovered in Linux Containers (LXC) before 2016-02-22 (2017-01-09)

📋 Vendor Advisories

2
Ubuntu
LXC vulnerability (2017-08-02)
Debian
CVE-2016-10124: lxc - An issue was discovered in Linux Containers (LXC) before 2016-02-22. When execut... (2016)

💬 Community

2
Bugzilla
CVE-2016-10124 lxc: Escaping to parent session using TIOCSTI ioctl in lxc-attach [epel-all] (2017-01-09)
Bugzilla
CVE-2016-10124 lxc: Escaping to parent session using TIOCSTI ioctl in lxc-attach (2017-01-09)