CVE-2015-1328


Description

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

References

http://seclists.org/oss-sec/2015/q2/717

http://www.exploit-db.com/exploits/40688/

http://www.securityfocus.com/bid/75206

https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html

https://security-tracker.debian.org/tracker/CVE-2015-1328

https://www.exploit-db.com/exploits/37292/

Details

Source: MITRE

Published: 2016-11-28

Updated: 2017-09-21

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:* versions up to 15.04 (inclusive)

Configuration 2

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.19 (inclusive)

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124972 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1519) | Nessus | Huawei Local Security Checks | high |
| 84320 | Ubuntu 14.10 : linux regression (USN-2646-2) | Nessus | Ubuntu Local Security Checks | high |
| 84319 | Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2644-2) | Nessus | Ubuntu Local Security Checks | high |
| 84318 | Ubuntu 14.04 LTS : linux regression (USN-2643-2) | Nessus | Ubuntu Local Security Checks | high |
| 84317 | Ubuntu 12.04 LTS : linux-lts-trusty regression (USN-2642-2) | Nessus | Ubuntu Local Security Checks | high |
| 84316 | Ubuntu 12.04 LTS : linux regression (USN-2640-2) | Nessus | Ubuntu Local Security Checks | high |
| 84214 | Ubuntu 15.04 : linux vulnerability (USN-2647-1) | Nessus | Ubuntu Local Security Checks | high |
| 84213 | Ubuntu 14.10 : linux vulnerability (USN-2646-1) | Nessus | Ubuntu Local Security Checks | high |
| 84212 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerability (USN-2645-1) | Nessus | Ubuntu Local Security Checks | high |
| 84211 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerability (USN-2644-1) | Nessus | Ubuntu Local Security Checks | high |
| 84210 | Ubuntu 14.04 LTS : linux vulnerability (USN-2643-1) | Nessus | Ubuntu Local Security Checks | high |
| 84209 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2642-1) | Nessus | Ubuntu Local Security Checks | high |
| 84208 | Ubuntu 12.04 LTS : linux vulnerability (USN-2640-1) | Nessus | Ubuntu Local Security Checks | high |