Title: CVE-2015-8660 on Ubuntu 14.04 LTS (trusty) - high.
Revision Date: 2015-12-28
Version: 1

Description: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges.

Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2015-8660
Platform(s): Ubuntu 14.04 LTS
Product(s):

Definition Synopsis:
Ubuntu 14.04 LTS (trusty) is installed.
AND Package Information
NOT While related to the CVE in some way, the 'linux' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected.
OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-43.49~14.04.1').
OR The 'linux-lts-wily' package in trusty was vulnerable but has been fixed (note: '4.2.0-23.28~14.04.1').
OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-13.29~14.04.1').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.