Linuxcontainers: Security Vulnerabilities
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
CVSS Score
4.6
EPSS Score
0.001
Published
2015-08-12
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVSS Score
4.9
EPSS Score
0.0
Published
2015-08-12
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-01-07
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
CVSS Score
7.2
EPSS Score
0.0
Published
2014-02-14
Page 2