CVE-2016-2853
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | Low | Unassigned | |
Precise | Won't Fix | Low | Unassigned | |
Trusty | New | Low | Unassigned | |
Wily | New | Low | Unassigned | |
Xenial | Confirmed | Low | Unassigned | |
Yakkety | Won't Fix | Low | Unassigned | |
linux-armadaxp (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Won't Fix | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-flo (Ubuntu) | New | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | New | Low | Unassigned | |
Xenial | New | Low | Unassigned | |
Yakkety | New | Low | Unassigned | |
linux-goldfish (Ubuntu) | New | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | New | Low | Unassigned | |
Xenial | New | Low | Unassigned | |
Yakkety | New | Low | Unassigned | |
linux-lts-quantal (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-raring (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-saucy (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-trusty (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Won't Fix | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-utopic (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | New | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-vivid (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | New | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-wily (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | New | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-lts-xenial (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | New | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-mako (Ubuntu) | New | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | New | Low | Unassigned | |
Xenial | New | Low | Unassigned | |
Yakkety | New | Low | Unassigned | |
linux-manta (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | New | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
linux-raspi2 (Ubuntu) | New | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | New | Low | Unassigned | |
Xenial | New | Low | Unassigned | |
Yakkety | New | Low | Unassigned | |
linux-snapdragon (Ubuntu) | New | Low | Unassigned | |
Precise | Invalid | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | New | Low | Unassigned | |
Yakkety | New | Low | Unassigned | |
linux-ti-omap4 (Ubuntu) | Invalid | Low | Unassigned | |
Precise | Won't Fix | Low | Unassigned | |
Trusty | Invalid | Low | Unassigned | |
Wily | Invalid | Low | Unassigned | |
Xenial | Invalid | Low | Unassigned | |
Yakkety | Invalid | Low | Unassigned | |
Bug Description
When the aufs module is loaded with "modprobe aufs allow_userns", an unprivileged user can use xattrs on the working directory or an aufs mount over a fuse mount to create SUID/SGID binaries, thus escalating privileges. These errors are quite similar to those on overlayfs:
https:/
https:/
aufs developers have already confirmed and issued a fix:
https:/
Specific reproducers can be found at:
http://
InvitedOnly AkgY8iqF
# lsb_release -rd
Description: Ubuntu 15.10
Release: 15.10
# apt-cache policy linux-image-
linux-image-
Installed: 4.2.0-27.32
Candidate: 4.2.0-27.32
Version table:
*** 4.2.0-27.32 0
500 http://
500 http://
100 /var/lib/
CVE References
Changed in linux: | |
status: | New → Confirmed |
tags: | added: kernel-da-key |
tags: | added: kernel-cve-skip-description |
Changed in linux-lts-trusty (Ubuntu Precise): | |
importance: | Undecided → Low |
Changed in linux-lts-trusty (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-trusty (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-trusty (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-wily (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-wily (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-wily (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-wily (Ubuntu Trusty): | |
importance: | Undecided → Low |
Changed in linux-lts-quantal (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-quantal (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-quantal (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-quantal (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux (Ubuntu Precise): | |
importance: | Undecided → Low |
Changed in linux (Ubuntu Wily): | |
importance: | Undecided → Low |
Changed in linux (Ubuntu Xenial): | |
importance: | Medium → Low |
Changed in linux (Ubuntu Trusty): | |
importance: | Undecided → Low |
Changed in linux-ti-omap4 (Ubuntu Precise): | |
importance: | Undecided → Low |
Changed in linux-ti-omap4 (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-ti-omap4 (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-ti-omap4 (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-raring (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-raring (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-raring (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-raring (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-armadaxp (Ubuntu Precise): | |
importance: | Undecided → Low |
Changed in linux-armadaxp (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-armadaxp (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-armadaxp (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-xenial (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-xenial (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-xenial (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-xenial (Ubuntu Trusty): | |
importance: | Undecided → Low |
Changed in linux-lts-saucy (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-saucy (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-saucy (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-saucy (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-manta (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-manta (Ubuntu Wily): | |
importance: | Undecided → Low |
Changed in linux-manta (Ubuntu Xenial): | |
importance: | Undecided → Low |
Changed in linux-manta (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-vivid (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-vivid (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-vivid (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-vivid (Ubuntu Trusty): | |
importance: | Undecided → Low |
Changed in linux-raspi2 (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-raspi2 (Ubuntu Wily): | |
importance: | Undecided → Low |
Changed in linux-raspi2 (Ubuntu Xenial): | |
importance: | Undecided → Low |
Changed in linux-raspi2 (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-mako (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-mako (Ubuntu Wily): | |
importance: | Undecided → Low |
Changed in linux-mako (Ubuntu Xenial): | |
importance: | Undecided → Low |
Changed in linux-mako (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-utopic (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-utopic (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-utopic (Ubuntu Xenial): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-lts-utopic (Ubuntu Trusty): | |
importance: | Undecided → Low |
Changed in linux-goldfish (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-goldfish (Ubuntu Wily): | |
importance: | Undecided → Low |
Changed in linux-goldfish (Ubuntu Xenial): | |
importance: | Undecided → Low |
Changed in linux-goldfish (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-flo (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-flo (Ubuntu Wily): | |
importance: | Undecided → Low |
Changed in linux-flo (Ubuntu Xenial): | |
importance: | Undecided → Low |
Changed in linux-flo (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-manta (Ubuntu Xenial): | |
status: | New → Invalid |
Changed in linux-snapdragon (Ubuntu Precise): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-snapdragon (Ubuntu Wily): | |
status: | New → Invalid |
importance: | Undecided → Low |
Changed in linux-snapdragon (Ubuntu Xenial): | |
importance: | Undecided → Low |
Changed in linux-snapdragon (Ubuntu Yakkety): | |
importance: | Undecided → Low |
Changed in linux-snapdragon (Ubuntu Trusty): | |
status: | New → Invalid |
importance: | Undecided → Low |
tags: | added: kernel-cve-tracking-bug |
summary: |
- aufs fails to handle sanitize xattrs in workdir, copies SUID binaries
- from no-suid fuse mounts
+ CVE-2016-2853 |
affects: | linux → ubuntu-translations |
Changed in ubuntu-translations: | |
status: | Confirmed → New |
no longer affects: | ubuntu-translations |
This is now public:
http://openwall.com/lists/oss-security/2016/02/24/9