kernel-packages team mailing list archive

Thread
Date

[Bug 1528904] Re: overlay setattr vulnerability

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Andy Whitcroft <apw@xxxxxxxxxxxxx>
Date: Thu, 24 Dec 2015 22:14:54 -0000
Reply-to: Bug 1528904 <1528904@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I have installed VMs with the various combinations and tried the POC as
supplied with each.  I confirm that only vivid and later are exposed by
the exploit.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1528904

Title:
  overlay setattr vulnerability

Status in linux package in Ubuntu:
  Triaged

Bug description:
  http://www.openwall.com/lists/oss-security/2015/12/23/5

  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545

  This allows unprivileged users to change attributes on root-owned
  files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1528904/+subscriptions