Vulnerability in Linuxcontainers Lxc

CVE-2013-6441

The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.

EPSS: 0.000 (10.8th percentile) — read the EPSS interpretation.

Affected products

Linuxcontainers Lxc — versions 0.1.0, 0.2.0, 0.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

USN-2104-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
secalert@redhat.com (x_refsource_CONFIRM)