Detections
Analytics
Debian DSA-3317-1 : lxc - security update
medium Nessus Plugin ID 84993
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2015-1331 Roman Fiedler discovered a directory traversal flaw in LXC when creating lock files. A local attacker could exploit this flaw to create an arbitrary file as the root user.
- CVE-2015-1334 Roman Fiedler discovered that LXC incorrectly trusted the container's proc filesystem to set up AppArmor profile changes and SELinux domain transitions. A malicious container could create a fake proc filesystem and use this flaw to run programs inside the container that are not confined by AppArmor or SELinux.
Solution
Upgrade the lxc packages.For the stable distribution (jessie), these problems have been fixed in version 1:1.0.6-6+deb8u1.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793298
https://security-tracker.debian.org/tracker/CVE-2015-1331
https://security-tracker.debian.org/tracker/CVE-2015-1334
Plugin Details
Severity: Medium
ID: 84993
File Name: debian_DSA-3317.nasl
Version: 2.7
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 7/27/2015
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 3.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:lxc, cpe:/o:debian:debian_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 7/25/2015
Reference Information
CVE: CVE-2015-1331, CVE-2015-1334
DSA: 3317