Fluid Attacks Database

Description

lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	lxc	>=0 <1:1.0.7-4	1:1.0.7-4
debian 13	lxc	>=0 <1:1.0.7-4	1:1.0.7-4
debian 14	lxc	>=0 <1:1.0.7-4	1:1.0.7-4
debian 11	lxc	>=0 <1:1.0.7-4	1:1.0.7-4

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.