cve-2015-1328 overlayfs vulnerability in ubuntu trusty stemcell


James Bayer
 

CVE-2015-1328Severity:

High
Vendor:

Canonical Ubuntu
Versions Affected:

Canonical Ubuntu 14.04 LTS with 3.16 kernel
Description:

Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.
Affected Pivotal Products and Versions:

-

Any BOSH deployments (including Cloud Foundry) with Ubuntu Trusty BOSH
stemcell prior to version 2989

Mitigation:

-

The Cloud Foundry project recommends upgrading to BOSH Ubuntu Trusty
stemcell version 2989 or later for all BOSH deployments. The 2989
stemcell has been certified with cf-release v211.

Credit:

Philip Pettersson
References: Canonical:

http://www.ubuntu.com/usn/usn-2646-1/
Other:

BOSH Stemcells <https://bosh.io/stemcells>

Cloud Foundry Release <https://github.com/cloudfoundry/cf-release>

Exploit details <http://seclists.org/oss-sec/2015/q2/717>

--
Thank you,

James Bayer

Join cf-bosh@lists.cloudfoundry.org to automatically receive all group messages.