Fluid Attacks Database

Description

lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	lxc	>=0 <1:2.0.6-1	1:2.0.6-1
debian 14	lxc	>=0 <1:2.0.6-1	1:2.0.6-1
debian 11	lxc	>=0 <1:2.0.6-1	1:2.0.6-1
debian 12	lxc	>=0 <1:2.0.6-1	1:2.0.6-1

Aliases

1. CVE-2016-86492. NVD-2016-86493. OSV-DEBIAN-2016-86494. OSV-2016-86495. SECURITY-TRACKER-CVE-2016-8649