Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2015-1328

Published: Nov 28, 2016 | Modified: Sep 21, 2017
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
HIGH
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2015-1328
CWEhttps://cwe.mitre.org/data/definitions/264.html

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical * 15.04 (including)
Linux Ubuntu trusty *
Linux Ubuntu utopic *
Linux Ubuntu vivid *
Linux Ubuntu vivid/ubuntu-core *
Linux-flo Ubuntu trusty *
Linux-goldfish Ubuntu trusty *
Linux-grouper Ubuntu trusty *
Linux-grouper Ubuntu utopic *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-vexpress Ubuntu precise *
Linux-lts-raring Ubuntu precise *
Linux-lts-trusty Ubuntu precise *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-vivid Ubuntu trusty *
Linux-maguro Ubuntu trusty *
Linux-mako Ubuntu trusty *
Linux-manta Ubuntu trusty *
Linux-qcm-msm Ubuntu precise *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use