CVE-2018-6556

CWE-417 | 8 documents | 7 sources
Severity: 3.3 LOW
EPSS: 0.1% (top 81.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 10 | Latest update May 14

Description

lxc-user-nic, when asked to delete a network interface, will unconditionally open a user-provided path. An unprivileged user may use this code path to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (7 packages)

NVD | opensuse/leap | 15.0
CVEListV5 | lxc | 2.0.9 | 2.0* | +1
NVD | linuxcontainers/lxc | 3.0.0 | 3.0.2 | +1
Debian | lxc | < 1:2.0.9-6.1 | +3

Also affects: Ubuntu Linux 18.04

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-xg68-6jxg-5w7p: lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path (2022-05-14)
OSV: CVE-2018-6556: lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path (2018-08-10)
CVEList: The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files (2018-08-10)

📋 Vendor Advisories (2)

Ubuntu: LXC vulnerability (2018-08-06)
Debian: CVE-2018-6556: lxc - lxc-user-nic when asked to delete a network interface will unconditionally open ... (2018)

💬 Community (2)

Bugzilla: CVE-2018-6556 lxc: lxc-user-nic allows for open() of arbitrary paths (2018-08-13)
Bugzilla: CVE-2018-6556 lxc: lxc-user-nic allows for open() of arbitrary paths [fedora-all] (2018-08-13)