CVE - CVE-2015-2925

CVE-ID
CVE-2015-2925	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[containers] 20150403 [PATCH review 17/19] vfs: Test for and handle paths that are unreachable from their mnt_root URL:http://permalink.gmane.org/gmane.linux.kernel.containers/29173 MLIST:[containers] 20150403 [PATCH review 19/19] vfs: Do not allow escaping from bind mounts. URL:http://permalink.gmane.org/gmane.linux.kernel.containers/29177 MLIST:[oss-security] 20150404 Re: Linux namespaces: It is possible to escape from bind mounts URL:http://www.openwall.com/lists/oss-security/2015/04/04/4 CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37 CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65 CONFIRM:http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78 CONFIRM:http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1209367 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1209373 CONFIRM:https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37 CONFIRM:https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65 CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html DEBIAN:DSA-3372 URL:http://www.debian.org/security/2015/dsa-3372 DEBIAN:DSA-3364 URL:http://www.debian.org/security/2015/dsa-3364 REDHAT:RHSA-2015:2636 URL:http://rhn.redhat.com/errata/RHSA-2015-2636.html REDHAT:RHSA-2016:0068 URL:http://rhn.redhat.com/errata/RHSA-2016-0068.html SUSE:SUSE-SU-2016:0335 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html SUSE:SUSE-SU-2016:0337 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html SUSE:SUSE-SU-2016:0380 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html SUSE:SUSE-SU-2016:0381 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html SUSE:SUSE-SU-2016:0383 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html SUSE:SUSE-SU-2016:0384 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html SUSE:SUSE-SU-2016:0386 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html SUSE:SUSE-SU-2016:0387 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html SUSE:SUSE-SU-2016:0434 URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html SUSE:SUSE-SU-2015:2194 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html SUSE:SUSE-SU-2015:2292 URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html UBUNTU:USN-2795-1 URL:http://www.ubuntu.com/usn/USN-2795-1 UBUNTU:USN-2798-1 URL:http://www.ubuntu.com/usn/USN-2798-1 UBUNTU:USN-2799-1 URL:http://www.ubuntu.com/usn/USN-2799-1 UBUNTU:USN-2792-1 URL:http://www.ubuntu.com/usn/USN-2792-1 UBUNTU:USN-2794-1 URL:http://www.ubuntu.com/usn/USN-2794-1 BID:73926 URL:http://www.securityfocus.com/bid/73926
Assigning CNA
N/A
Date Entry Created
20150404	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us