CVE-2016-2853

Related Files

Ubuntu Security Notice USN-5343-1

Posted Mar 23, 2022

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.

tags | advisory, kernel, local

systems | linux, ubuntu

advisories | CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449, CVE-2020-12655, CVE-2020-25670, CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555, CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688, CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483, CVE-2021-3506, CVE-2021-3564

SHA-256 | f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1

Download | Favorite | View

AUFS (Ubuntu 15.10) Privilege Escalation

Posted Apr 1, 2017

Authored by halfdog

AUFS (Ubuntu 15.10) suffers from an allow_userns fuse/xattr user namespaces privilege escalation vulnerability.

tags | exploit

systems | linux, ubuntu

advisories | CVE-2016-2853, CVE-2016-2854

SHA-256 | 20b06274c846785d08a17e0785b09b252e022b89872f6b1806dfba387493b3c6

Download | Favorite | View