RSS   Vulnerabilities for
'Checkpoint/restore in userspace'
   RSS

2016-06-07
 
CVE-2015-5231

CWE-200
 

 
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

 
 
CVE-2015-5228

CWE-264
 

 
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

 

 >>> Vendor: CRIU 2 Products
CRIU
Checkpoint/restore in userspace


Copyright 2024, cxsecurity.com

 

Back to Top