Vulnerability Name:

CVE-2017-5985 (CCN-123446)

Assigned:2017-03-14
Published:2017-03-14
Updated:2019-10-03
Summary:lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
CVSS v3 Severity:3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-862
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2017-5985

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2019:1481

Source: CCN
Type: oss-sec Mailing List, Thu, 9 Mar 2017 10:55:12 -0600
CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership

Source: BID
Type: Third Party Advisory, VDB Entry
96777

Source: CCN
Type: BID-96777
LXC 'lxc/lxc_user_nic.c' Remote Privilege Escalation Vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-3224-1

Source: CONFIRM
Type: Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676

Source: XF
Type: UNKNOWN
linux-containers-cve20175985-priv-esc(123446)

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9

Source: CCN
Type: LXC GIT Repository
CVE-2017-5985: Ensure target netns is caller-owned

Source: CCN
Type: Linux Containers Web site
Linux Containers

Source: MLIST
Type: Vendor Advisory
[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:linuxcontainers:lxc:*:*:*:*:*:*:*:* (Version <= 1.0.9)
  • OR cpe:/a:linuxcontainers:lxc:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.0.6)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20175985
    V
    		CVE-2017-5985
    2022-06-30
    oval:org.opensuse.security:def:112677
    P
    		liblxc-devel-4.0.9-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106157
    P
    		liblxc-devel-4.0.9-1.1 on GA media (Moderate)
    2021-10-01
    oval:com.ubuntu.precise:def:20175985000
    V
    		CVE-2017-5985 on Ubuntu 12.04 LTS (precise) - medium.
    2017-03-14
    oval:com.ubuntu.xenial:def:201759850000000
    V
    		CVE-2017-5985 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-03-14
    oval:com.ubuntu.trusty:def:20175985000
    V
    		CVE-2017-5985 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-03-14
    oval:com.ubuntu.xenial:def:20175985000
    V
    		CVE-2017-5985 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-03-14
    BACK
    linuxcontainers lxc *
    linuxcontainers lxc *