ALT-PU-2017-1278-1
Closed vulnerabilities
Published: 2017-03-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-5985
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Severity: LOW (3.3)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
References:
- openSUSE-SU-2019:1481
- openSUSE-SU-2019:1481
- [oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership
- [oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership
- 96777
- 96777
- USN-3224-1
- USN-3224-1
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
- https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
- https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
- https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
- [lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)
- [lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)