CVE-2016-8649

lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

References

Affected packages

Git / github.com/lxc/lxc

Affected ranges

Type

GIT

Repo

https://github.com/lxc/lxc

Events

Introduced

Fixed

7b483176022ea1ae71fefbd67b46da9d9b6548b7

Introduced

823765e50bf4df2f2365bd2590768676634919b7

Fixed

2dbff50f0dce18eba59aca449f8aebd16db38bc3

Fixed

81f466d05f2a89cb4f122ef7f593ff3f279b165c

Database specific

{
    "cpe": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.9"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.6"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

lxc-0.*

lxc-0.6.5

lxc-0.7.0

lxc-0.7.1

lxc-0.7.2

lxc-0.7.3

lxc-0.7.4

lxc-0.7.4-rc1

lxc-0.7.5

lxc-0.8.0

lxc-0.8.0-rc2

lxc-0.9.0

lxc-0.9.0.alpha1

lxc-0.9.0.alpha2

lxc-0.9.0.alpha3

lxc-0.9.0.rc1

lxc-1.*

lxc-1.0.0

lxc-1.0.0.alpha1

lxc-1.0.0.alpha2

lxc-1.0.0.alpha3

lxc-1.0.0.beta1

lxc-1.0.0.beta2

lxc-1.0.0.beta3

lxc-1.0.0.beta4

lxc-1.0.0.rc1

lxc-1.0.0.rc2

lxc-1.0.0.rc3

lxc-1.0.0.rc4

lxc-1.0.1

lxc-1.0.2

lxc-1.0.3

lxc-1.0.4

lxc-1.0.5

lxc-1.0.6

lxc-1.0.7

lxc-1.0.8

lxc-2.*

lxc-2.0.0

lxc-2.0.1

lxc-2.0.2

lxc-2.0.3

lxc-2.0.4

lxc-2.0.5

Other

lxc_0_1_0

lxc_0_2_0

lxc_0_2_1

lxc_0_4_0

lxc_0_5_0

lxc_0_5_1

lxc_0_5_2

lxc_0_6_0

lxc_0_6_1

lxc_0_6_2

lxc_0_6_3

lxc_0_6_4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8649.json"