CVE-2016-1582: Infoleak
First published: Thu Jun 09 2016(Updated: )
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 | |
| LXD | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2016-1582?
CVE-2016-1582 is classified as medium severity due to improper permission settings for privileged mode containers.
How do I fix CVE-2016-1582?
To fix CVE-2016-1582, update LXD to version 2.0.2 or later.
What software versions are affected by CVE-2016-1582?
CVE-2016-1582 affects LXD versions prior to 2.0.2 and specific Ubuntu releases including 15.10 and 16.04.
Can local users exploit CVE-2016-1582?
Yes, local users can exploit CVE-2016-1582 to access arbitrary world-readable paths within the container.
Is CVE-2016-1582 applicable to all Linux distributions?
No, CVE-2016-1582 specifically impacts Ubuntu Linux installations using affected versions of LXD.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/15.10
- version/ubuntu/16.04
- canonical/lxd
- version/lxd/2.0.1