製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel の fs/dcache.c 内の prepend_path 関数におけるコンテナ保護メカニズムを回避される脆弱性

Title	Linux Kernel の fs/dcache.c 内の prepend_path 関数におけるコンテナ保護メカニズムを回避される脆弱性
Summary	Linux Kernel の fs/dcache.c 内の prepend_path 関数は、bind マウント内部のリネームアクションを適切に処理しないため、コンテナ保護メカニズムを回避される脆弱性が存在します。補足情報 : CWE による脆弱性タイプは、CWE-254: Security Features (セキュリティ機能) と識別されています。 http://cwe.mitre.org/data/definitions/254.html
Possible impacts	ローカルユーザにより、ディレクトリをリネームされることで、コンテナ保護メカニズムを回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 22, 2015, midnight
Registration Date	Nov. 17, 2015, 4:17 p.m.
Last Update	Nov. 17, 2015, 4:17 p.m.

CVSS2.0 : 警告
Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C

Affected System

Linux

Linux Kernel 4.2.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-2925	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
National Vulnerability Database (NVD)
2	CVE-2015-2925	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2925

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
ChangeLog
1	ChangeLog-4.2.4	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
GitHub
2	dcache: Handle escaped paths in prepend_path	https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65
3	vfs: Test for and handle paths that are unreachable from their mnt_root	https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37
Linux Kernel
4	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
5	dcache: Handle escaped paths in prepend_path	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
6	vfs: Test for and handle paths that are unreachable from their mnt_root	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
Red Hat Bugzilla
7	Bug 1209367	https://bugzilla.redhat.com/show_bug.cgi?id=1209367
8	Bug 1209373	https://bugzilla.redhat.com/show_bug.cgi?id=1209373

Change Log

No	Changed Details	Date of change
0	[2015年11月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-2925

Summary	The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
Publication Date	Nov. 16, 2015, 8:59 p.m.
Registration Date	Jan. 26, 2021, 2:48 p.m.
Last Update	Nov. 21, 2024, 11:28 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	3.15			3.16.35
cpe:2.3:o:linux:linux_kernel::::::::				3.2.72
cpe:2.3:o:linux:linux_kernel::::::::	3.3			3.4.110
cpe:2.3:o:linux:linux_kernel::::::::	3.5			3.10.91
cpe:2.3:o:linux:linux_kernel::::::::	3.11			3.12.49
cpe:2.3:o:linux:linux_kernel::::::::	3.13			3.14.55
cpe:2.3:o:linux:linux_kernel::::::::	3.17			3.18.23
cpe:2.3:o:linux:linux_kernel::::::::	3.19			4.1.11
cpe:2.3:o:linux:linux_kernel::::::::	4.2			4.2.4

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
3	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory
4	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html	Mailing List Third Party Advisory
15	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html	Mailing List Third Party Advisory
16	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html	Mailing List Third Party Advisory
17	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html	Mailing List Third Party Advisory
18	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html	Mailing List Third Party Advisory
19	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html	Mailing List Third Party Advisory
20	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html	Mailing List Third Party Advisory
21	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html	Mailing List Third Party Advisory
22	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html	Mailing List Third Party Advisory
23	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html	Mailing List Third Party Advisory
24	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html	Mailing List Third Party Advisory
25	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html	Mailing List Third Party Advisory
26	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html	Mailing List Third Party Advisory
27	http://permalink.gmane.org/gmane.linux.kernel.containers/29173	Broken Link
28	http://permalink.gmane.org/gmane.linux.kernel.containers/29173	Broken Link
29	http://permalink.gmane.org/gmane.linux.kernel.containers/29177	Broken Link
30	http://permalink.gmane.org/gmane.linux.kernel.containers/29177	Broken Link
31	http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78	Third Party Advisory
32	http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78	Third Party Advisory
33	http://rhn.redhat.com/errata/RHSA-2015-2636.html	Third Party Advisory
34	http://rhn.redhat.com/errata/RHSA-2015-2636.html	Third Party Advisory
35	http://rhn.redhat.com/errata/RHSA-2016-0068.html	Third Party Advisory
36	http://rhn.redhat.com/errata/RHSA-2016-0068.html	Third Party Advisory
37	http://www.debian.org/security/2015/dsa-3364	Third Party Advisory
38	http://www.debian.org/security/2015/dsa-3364	Third Party Advisory
39	http://www.debian.org/security/2015/dsa-3372	Third Party Advisory
40	http://www.debian.org/security/2015/dsa-3372	Third Party Advisory
41	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4	Vendor Advisory
42	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4	Vendor Advisory
43	http://www.openwall.com/lists/oss-security/2015/04/04/4	Mailing List Third Party Advisory
44	http://www.openwall.com/lists/oss-security/2015/04/04/4	Mailing List Third Party Advisory
45	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
46	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
47	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Third Party Advisory
48	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Third Party Advisory
49	http://www.securityfocus.com/bid/73926	Third Party Advisory VDB Entry
50	http://www.securityfocus.com/bid/73926	Third Party Advisory VDB Entry
51	http://www.ubuntu.com/usn/USN-2792-1	Third Party Advisory
52	http://www.ubuntu.com/usn/USN-2792-1	Third Party Advisory
53	http://www.ubuntu.com/usn/USN-2794-1	Third Party Advisory
54	http://www.ubuntu.com/usn/USN-2794-1	Third Party Advisory
55	http://www.ubuntu.com/usn/USN-2795-1	Third Party Advisory
56	http://www.ubuntu.com/usn/USN-2795-1	Third Party Advisory
57	http://www.ubuntu.com/usn/USN-2798-1	Third Party Advisory
58	http://www.ubuntu.com/usn/USN-2798-1	Third Party Advisory
59	http://www.ubuntu.com/usn/USN-2799-1	Third Party Advisory
60	http://www.ubuntu.com/usn/USN-2799-1	Third Party Advisory
61	https://bugzilla.redhat.com/show_bug.cgi?id=1209367	Issue Tracking Third Party Advisory
62	https://bugzilla.redhat.com/show_bug.cgi?id=1209367	Issue Tracking Third Party Advisory
63	https://bugzilla.redhat.com/show_bug.cgi?id=1209373	Issue Tracking Third Party Advisory
64	https://bugzilla.redhat.com/show_bug.cgi?id=1209373	Issue Tracking Third Party Advisory
65	https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
66	https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
67	https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory
68	https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory

Common Vulnerabilities List