Race Condition Vulnerability in LXD's doUidshiftIntoContainer() Function

Race Condition Vulnerability in LXD's doUidshiftIntoContainer() Function

CVE-2015-1340 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.