CVE-2016-10124
Summary
| CVE | CVE-2016-10124 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-01-09 08:59:00 UTC |
|---|
| Updated | 2017-11-13 02:29:00 UTC |
|---|
| Description | An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Linuxcontainers |
Lxc |
All |
rc1 |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| LXC: Remote security bypass (GLSA 201711-09) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| oss-security - Re: Multiple disputed issues in util-vserver |
MISC |
www.openwall.com |
|
| update lxc-attach manpage · lxc/lxc@e986ea3 · GitHub |
CONFIRM |
github.com |
Issue Tracking, Patch, Third Party Advisory |
| LXC CVE-2016-10124 Security Bypass Vulnerability |
BID |
www.securityfocus.com |
|
| oss-security - AW: Re: CVE request: screen stack overflow (deep
recursion) |
MISC |
www.openwall.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710561 Gentoo Linux LXC Remote Security bypass Vulnerability (GLSA 201711-09)
