RSS   Vulnerabilities for 'Ubuntu-image'   RSS

2017-07-11
 
CVE-2017-10600

CWE-384
 

 
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories.

 

 >>> Vendor: Canonical 40 Products
Ubuntu linux
Reportbug
Spread
Bazaar
Apparmor
Checkinstall
Ubuntu
Ubuntu enterprise cloud
Accountsservice
PHP5
Ubuntu software properties
Telepathy-idle
Software-properties
Apt-xapian-index
MAAS
Metal as a service
Libpam-modules
Update-manager
Ltsp display manager
Acpi-support
Lxcfs
Ubuntu core
Ubuntu touch
Ubuntu-core-launcher
LXD
Openstack ironic
JUJU
Ubuntu-image
Screen-resolution-extra
Ubuntu download manager
Snapd
Cloud-init
Ubuntu cobbler
Microk8s
C-kernel
Subiquity
Ubuntu-ui-toolkit
Remote-login-service
Courier-authlib
Multipass


Copyright 2024, cxsecurity.com

 

Back to Top