CVE-2015-1340: LXD vulnerable to Race Condition

CVSS Score: 8.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.5408%
Published: 5/24/2022
Updated: 9/29/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: github.com/lxc/lxd
Ecosystem: go
Vulnerable Versions: < 0.0.0-20151004155856-19c6961cc101
First Patched Version: 0.0.0-20151004155856-19c6961cc101

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the sequence of operations in doUidshiftIntoContainer's convert closure. The original code used os.Lchown followed by os.Chmod based on a previously obtained FileInfo object from filepath.Walk. This created a race condition where an attacker could replace a legitimate file with a symlink between the stat and chmod operations. The commit fixes this by replacing the vulnerable sequence with a ShiftOwner function that uses file descriptors (via O_PATH) to safely operate on the target file without this race window. The affected functions are clearly identified in the diff showing removal of the unsafe Chmod call and its replacement with the secure ShiftOwner implementation.
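The stat-then-chmod window described above can be replayed deterministically. The following is an added example, not LXD's code or its ShiftOwner implementation: chmodByPath, chmodByFd and raceDemo are hypothetical names, the temp files are constructed, and an O_NOFOLLOW open followed by fchmod on the descriptor stands in (standard library only) for the O_PATH approach the fix uses.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// chmodByPath is the racy pattern: the mode comes from an earlier stat and
// os.Chmod re-resolves the path, following a symlink swapped in since then.
func chmodByPath(path string, fi os.FileInfo) error {
	return os.Chmod(path, fi.Mode().Perm())
}

// chmodByFd pins the object first: O_NOFOLLOW refuses a symlink, SameFile
// checks the inode is the one that was stat'ed, and fchmod acts on the fd.
func chmodByFd(path string, fi os.FileInfo) error {
	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NOFOLLOW|syscall.O_NONBLOCK, 0)
	if err != nil {
		return err
	}
	defer f.Close()
	if now, err := f.Stat(); err != nil || !os.SameFile(fi, now) {
		return fmt.Errorf("%s changed since it was stat'ed", path)
	}
	return f.Chmod(fi.Mode().Perm())
}

// raceDemo replays the window on constructed temp files: stat the entry,
// swap it for a symlink to victim, apply the chmod, report victim's mode.
func raceDemo(apply func(string, os.FileInfo) error) (os.FileMode, error) {
	dir, _ := os.MkdirTemp("", "uidshift-demo") // setup errors ignored in this demo
	defer os.RemoveAll(dir)
	victim, entry := filepath.Join(dir, "victim"), filepath.Join(dir, "entry")
	os.WriteFile(victim, nil, 0o400)
	os.WriteFile(entry, nil, 0o600)
	fi, _ := os.Lstat(entry) // what filepath.Walk hands to its callback
	os.Remove(entry)
	os.Symlink(victim, entry) // the swap inside the race window
	err := apply(entry, fi)
	st, _ := os.Stat(victim)
	return st.Mode().Perm(), err
}

func main() {
	for _, f := range []func(string, os.FileInfo) error{chmodByPath, chmodByFd} {
		fmt.Println(raceDemo(f))
	}
}
```

O_NOFOLLOW only guards the final path component, and a read-only open needs read permission on the file, which an O_PATH descriptor does not.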
