** Description changed: - It was possible for a chrooted program to create a new user namespace - and a new mount namespace. It could keep an fd to the old root, which is - outside the new root, and therefore use it to escape. + The create_user_ns function in kernel/user_namespace.c in the Linux + kernel before 3.8.6 does not check whether a chroot directory exists + that differs from the namespace root directory, which allows local users + to bypass intended filesystem restrictions via a crafted clone system + call. Break-Fix: - 3151527ee007b73a0ebd296010f1c0454a919c7d
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1170064 Title: CVE-2013-1956 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1170064/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
