Vulnerability Details : CVE-2016-10124
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2016-10124
- cpe:2.3:a:linuxcontainers:lxc:*:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10124
- 0.28%: Probability of exploitation activity in the next 30 days
- ~48%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10124
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N | 3.9 | 4.0 | NIST | |
CWE ids for CVE-2016-10124
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10124
- https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
  update lxc-attach manpage · lxc/lxc@e986ea3 · GitHub (Issue Tracking; Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2014/12/15/5
  oss-security - Re: Multiple disputed issues in util-vserver
- https://security.gentoo.org/glsa/201711-09
  LXC: Remote security bypass (GLSA 201711-09) — Gentoo security
- http://www.openwall.com/lists/oss-security/2015/09/03/5
  oss-security - AW: Re: CVE request: screen stack overflow (deep recursion)
- http://www.securityfocus.com/bid/95404
  LXC CVE-2016-10124 Security Bypass Vulnerability