CVE-2015-5228

high

Description

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

References

https://lists.openvz.org/pipermail/criu/2015-August/021847.html

https://bugzilla.redhat.com/show_bug.cgi?id=1255782

http://www.openwall.com/lists/oss-security/2015/08/25/5

http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html

Details

Source: Mitre, NVD

Published: 2016-06-07

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H