lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside an unprivileged container to use an inherited file descriptor for the host's /proc to access the rest of the host's filesystem via the openat() family of syscalls.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lxc | Linuxcontainers | * | 1.0.9 (excluding) |
Lxc | Linuxcontainers | 2.0.0 (including) | 2.0.6 (excluding) |
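
The description above turns on a directory descriptor being inherited by a process that should not hold it. As an added example (not LXC code and not the project's fix), this C function audits the calling process for that class of leak: open directory descriptors without FD_CLOEXEC, which any program it executes would inherit. The function name and the use of /proc/self/fd for enumeration are choices made for this example.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns the number of open directory descriptors without FD_CLOEXEC,
 * or -1 if /proc/self/fd cannot be read. When report is non-zero, each
 * finding is printed with the path it refers to. */
int count_inheritable_dir_fds(int report)
{
    DIR *d = opendir("/proc/self/fd");
    if (!d)
        return -1;

    int found = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0' || fd == dirfd(d))
            continue;                  /* ".", ".." or the scan's own fd */

        struct stat st;
        int flags = fcntl((int)fd, F_GETFD);
        if (flags == -1 || fstat((int)fd, &st) == -1)
            continue;                  /* closed while we were scanning */
        if (!S_ISDIR(st.st_mode) || (flags & FD_CLOEXEC))
            continue;                  /* not a directory, or closed on exec */

        found++;
        if (report) {
            char link[64], target[4096];
            snprintf(link, sizeof link, "/proc/self/fd/%ld", fd);
            ssize_t n = readlink(link, target, sizeof target - 1);
            target[n > 0 ? n : 0] = '\0';
            fprintf(stderr, "fd %ld -> %s is inheritable\n", fd, target);
        }
    }
    closedir(d);
    return found;
}

int main(void)
{
    /* Exit non-zero if any directory fd would be passed on to a child. */
    return count_inheritable_dir_fds(1) == 0 ? 0 : 1;
}
```

Calling the function immediately before fork/exec in a launcher, and refusing to continue on a non-zero result, catches a leaked directory handle before the child can use it with openat().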