Bypassing Filesystem Restrictions via Crafted Clone System Call

Bypassing Filesystem Restrictions via Crafted Clone System Call

CVE-2013-1956 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.