blob: e07c7c0f2d108083341917f13b5b2ccac2e413e1 [file] [log] [blame]
id: GO-2021-0071
modules:
- module: github.com/lxc/lxd
versions:
- fixed: 0.0.0-20151004155856-19c6961cc101
vulnerable_at: 0.0.0-20151004071337-96e120e828e4
packages:
- package: github.com/lxc/lxd/shared
symbols:
- IdmapSet.doUidshiftIntoContainer
skip_fix: 'TODO: Revisit this reason (Fix causes error containing cannot find module providing package github.com/chai2010/gettext-go/gettext - possibly an issue with lack of go.mod file in affected version)'
summary: Race condition in github.com/lxc/lxd
description: |-
A race between chown and chmod operations during a container filesystem shift
may allow a user who can modify the filesystem to chmod an arbitrary path of
their choice, rather than the expected path.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2015-1340
ghsas:
- GHSA-8mpq-fmr3-6jxv
credits:
- Seth Arnold
references:
- fix: https://github.com/lxc/lxd/pull/1189
- fix: https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4
- web: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270
review_status: REVIEWED