CVE-2013-6441

Published Feb 14, 2014

Last updated 11 years ago

Overview

Description: The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADAA3CD5-2DF7-4FA5-8DE8-5C376D34988D",
            "versionEndIncluding": "0.9.0"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DA7C45E-2A61-42D6-82D3-7F5ED2581770"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B089CD7B-9352-44DB-ACB3-6C5323FDE196"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "131DBF9F-7E49-46C7-B424-F8DFC9A30EA3"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E595E900-DB88-48D8-B6CB-21113FE3CC69"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "605B4EE9-57FA-4179-B430-7498148AC9C8"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "228613D9-EFEB-43E2-BDBC-8D36A2993ED9"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C47C5D5-05B5-4503-A8A3-AB26C44566FC"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77360E54-2092-4CA8-901D-EA9D70303BF5"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEC62987-7602-44F3-B623-A39BD02D9234"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D5F42E8-B943-4F63-B1F9-525E96B7D880"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "864B9E0E-1D85-4120-8B58-D4298F0AA9D2"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "291971FE-7096-43E7-882A-AD01D14B8C45"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0164D9DA-0327-4644-B455-A92311C6AE5F"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DDEF7D0-A1E9-414B-A689-240C5DE683D1"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29978BE7-7E5B-4FF5-B35E-F7F0FD9E15B8"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23130573-5884-4DC3-9F12-336B9D6807B6"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D4D3880-C419-4741-ACBB-AC087A3A4BAC"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "389CE800-E958-4240-BDD6-56AB4A7A3859"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6090283-B39F-4D8C-9756-5248A344509B"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E860AF3D-019C-4533-AF38-8251C34F6EC5"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7760469-C409-473F-BD0E-6D52460324F2"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "887CC2E2-8736-4B12-991C-0C7576ED00CE"
          },
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:0.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5840AA1-C17A-4FCE-9299-648D002247C0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References