Bug 515034 (CVE-2014-3519) - <sys-kernel/openvz-sources- Kernel: Access files outside of his container (CVE-2014-3519)
Alias: CVE-2014-3519
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal critical
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2014-06-25 06:33 UTC by Andreis Vinogradovs ( slepnoga )
Modified: 2016-11-25 10:45 UTC
Description Andreis Vinogradovs ( slepnoga ) 2014-06-25 06:33:58 UTC
An attacker is able to access files outside of his container.

The function open_by_handle_at() enables a process to access files on a mounted filesystem
using a file_handle structure. This structure is using inode numbers to differentiate files.
Calling this function requires the CAP_DAC_READ_SEARCH capability, and the superuser inside
a container by default has this capability.

This enables an attacker to bypass simfs restrictions and access all files on an underlying
filesystem including other VE’s residing on the same filesystem.

This is the same issue as the one affecting docker which was discovered recently by Sebastian Krahmer.
He wrote about it on this list.

This vulnerability is identified by CVE-2014-3519.

For further technical information please refer to Sebastian Krahmer's post and POC.
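
An audit check for the precondition named in the description, added here as an example and not part of the original report or of OpenVZ: it decodes the capability masks from `/proc/<pid>/status` and reports whether CAP_DAC_READ_SEARCH is available to a process. The function names and the two status excerpts are constructed for illustration.

```python
import re

CAP_DAC_READ_SEARCH = 2  # bit number defined in <linux/capability.h>

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
SAMPLE_FULL_ROOT = (
    "Name:\tinit\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000001fffffffff\n"
    "CapEff:\t0000001fffffffff\n"
    "CapBnd:\t0000001fffffffff\n"
)
SAMPLE_DROPPED = (
    "Name:\tinit\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000001ffffffffb\n"
    "CapEff:\t0000001ffffffffb\n"
    "CapBnd:\t0000001ffffffffb\n"
)

def cap_sets(status_text):
    """Parse the Cap* lines of a status file into {name: integer mask}."""
    pairs = re.findall(r"^(Cap\w+):[ \t]*([0-9a-fA-F]+)[ \t]*$", status_text, re.M)
    return {name: int(mask, 16) for name, mask in pairs}

def handle_lookup_exposure(status_text):
    """Classify how CAP_DAC_READ_SEARCH is available to the process.

    'effective'    - the capability check for open_by_handle_at() passes now
    'bounded-only' - not effective, but still in the bounding set, so a
                     child could acquire it across execve()
    'dropped'      - absent from both the effective and the bounding set
    """
    sets = cap_sets(status_text)
    if "CapEff" not in sets or "CapBnd" not in sets:
        raise ValueError("status text has no CapEff/CapBnd lines")
    bit = 1 << CAP_DAC_READ_SEARCH
    if sets["CapEff"] & bit:
        return "effective"
    if sets["CapBnd"] & bit:
        return "bounded-only"
    return "dropped"

if __name__ == "__main__":
    # On a live Linux system, run this as root inside the container.
    with open("/proc/self/status") as fh:
        print("CAP_DAC_READ_SEARCH:", handle_lookup_exposure(fh.read()))
```

A result of "effective" for root inside a container matches the default the report describes.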
Comment 1 Maxim Koltsov (RETIRED) gentoo-dev 2014-06-25 07:12:50 UTC
Bumped to Security, please handle this.
Comment 2 Andreis Vinogradovs ( slepnoga ) 2014-06-25 08:48:35 UTC
Pva, please stabilize ASAP.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2014-07-03 07:39:36 UTC
x86/amd64 stable.
Comment 4 Andreis Vinogradovs ( slepnoga ) 2015-05-07 13:22:44 UTC
This version was removed from the tree.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-11-25 10:45:22 UTC
GLSA Vote: No