{"containers":{"cna":{"affected":[{"product":"LXC","vendor":"n/a","versions":[{"lessThan":"2.0*","status":"affected","version":"2.0.9","versionType":"custom"},{"changes":[{"at":"3.0.2","status":"unaffected"}],"lessThan":"3.0*","status":"affected","version":"3.0.0","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Matthias Gerstner from SUSE"}],"datePublic":"2018-08-06T00:00:00.000Z","descriptions":[{"lang":"en","value":"lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."}],"problemTypes":[{"descriptions":[{"description":"Incorrect access control","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-05-31T20:06:03.000Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"name":"USN-3730-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/usn/usn-3730-1"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"},{"name":"GLSA-201808-02","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/201808-02"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.suse.com/show_bug.cgi?id=988348"},{"name":"openSUSE-SU-2019:1227","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"},{"name":"openSUSE-SU-2019:1230","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"},{"name":"openSUSE-SU-2019:1275","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"},{"name":"openSUSE-SU-2019:1481","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"}],"source":{"advisory":"USN-3730-1","defect":["1783591"],"discovery":"EXTERNAL"},"title":"The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@ubuntu.com","DATE_PUBLIC":"2018-08-06T16:00:00.000Z","ID":"CVE-2018-6556","STATE":"PUBLIC","TITLE":"The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"LXC","version":{"version_data":[{"affected":">=","version_affected":">=","version_name":"2.0","version_value":"2.0.9"},{"affected":">=","version_affected":">=","version_name":"3.0","version_value":"3.0.0"},{"affected":"<","version_affected":"<","version_name":"3.0","version_value":"3.0.2"}]}}]},"vendor_name":"n/a"}]}},"credit":[{"lang":"eng","value":"Matthias Gerstner from SUSE"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Incorrect access control"}]}]},"references":{"reference_data":[{"name":"USN-3730-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/usn/usn-3730-1"},{"name":"https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591","refsource":"CONFIRM","url":"https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"},{"name":"GLSA-201808-02","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201808-02"},{"name":"https://bugzilla.suse.com/show_bug.cgi?id=988348","refsource":"CONFIRM","url":"https://bugzilla.suse.com/show_bug.cgi?id=988348"},{"name":"openSUSE-SU-2019:1227","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"},{"name":"openSUSE-SU-2019:1230","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"},{"name":"openSUSE-SU-2019:1275","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"},{"name":"openSUSE-SU-2019:1481","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"}]},"source":{"advisory":"USN-3730-1","defect":["1783591"],"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T06:10:10.096Z"},"title":"CVE Program Container","references":[{"name":"USN-3730-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/usn/usn-3730-1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591"},{"name":"GLSA-201808-02","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/201808-02"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.suse.com/show_bug.cgi?id=988348"},{"name":"openSUSE-SU-2019:1227","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"},{"name":"openSUSE-SU-2019:1230","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html"},{"name":"openSUSE-SU-2019:1275","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"},{"name":"openSUSE-SU-2019:1481","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"}]}]},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2018-6556","datePublished":"2018-08-10T15:00:00.000Z","dateReserved":"2018-02-02T00:00:00.000Z","dateUpdated":"2024-09-17T03:38:26.856Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}