CVE Vulnerabilities

CVE-2013-6441

Published: Feb 14, 2014 | Modified: Feb 18, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
6 MODERATE
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.

Affected Software

Name Vendor Start Version End Version
Lxc Linuxcontainers * 0.9.0 (including)
Lxc Linuxcontainers 0.1.0 (including) 0.1.0 (including)
Lxc Linuxcontainers 0.2.0 (including) 0.2.0 (including)
Lxc Linuxcontainers 0.2.1 (including) 0.2.1 (including)
Lxc Linuxcontainers 0.3.0 (including) 0.3.0 (including)
Lxc Linuxcontainers 0.4.0 (including) 0.4.0 (including)
Lxc Linuxcontainers 0.5.0 (including) 0.5.0 (including)
Lxc Linuxcontainers 0.5.1 (including) 0.5.1 (including)
Lxc Linuxcontainers 0.5.2 (including) 0.5.2 (including)
Lxc Linuxcontainers 0.6.0 (including) 0.6.0 (including)
Lxc Linuxcontainers 0.6.1 (including) 0.6.1 (including)
Lxc Linuxcontainers 0.6.2 (including) 0.6.2 (including)
Lxc Linuxcontainers 0.6.3 (including) 0.6.3 (including)
Lxc Linuxcontainers 0.6.4 (including) 0.6.4 (including)
Lxc Linuxcontainers 0.6.5 (including) 0.6.5 (including)
Lxc Linuxcontainers 0.7.0 (including) 0.7.0 (including)
Lxc Linuxcontainers 0.7.1 (including) 0.7.1 (including)
Lxc Linuxcontainers 0.7.2 (including) 0.7.2 (including)
Lxc Linuxcontainers 0.7.3 (including) 0.7.3 (including)
Lxc Linuxcontainers 0.7.4 (including) 0.7.4 (including)
Lxc Linuxcontainers 0.7.4.1 (including) 0.7.4.1 (including)
Lxc Linuxcontainers 0.7.4.2 (including) 0.7.4.2 (including)
Lxc Linuxcontainers 0.7.5 (including) 0.7.5 (including)
Lxc Linuxcontainers 0.8.0 (including) 0.8.0 (including)
Lxc Ubuntu lucid *
Lxc Ubuntu precise *
Lxc Ubuntu quantal *
Lxc Ubuntu raring *
Lxc Ubuntu saucy *

References