Vulnerability Description
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.2 |
| Criu | Checkpoint/Restore In Userspace | - |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html
- http://www.openwall.com/lists/oss-security/2015/08/25/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1255782
- https://lists.openvz.org/pipermail/criu/2015-August/021847.html (Vendor Advisory)
FAQ
What is CVE-2015-5228?
CVE-2015-5228 is a vulnerability with a CVSS score of 7.8 (HIGH). The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory...
How severe is CVE-2015-5228?
CVE-2015-5228 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5228?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Criu Checkpoint/Restore In Userspace.