CVE-2018-6556

CVE-2018-6556

Name

CVE-2018-6556

Description

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.

NVD Severity

low

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	https://usn.ubuntu.com/usn/usn-3730-1
Issue Tracking	https://bugzilla.suse.com/show_bug.cgi?id=988348
Issue Tracking	https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
Third Party Advisory	https://security.gentoo.org/glsa/201808-02
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html
Mailing List	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html

Type

URI

Third Party Advisory

https://usn.ubuntu.com/usn/usn-3730-1

Issue Tracking

https://bugzilla.suse.com/show_bug.cgi?id=988348

Issue Tracking

https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591

Third Party Advisory

https://security.gentoo.org/glsa/201808-02

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html