CVE-2015-5228

Source
https://nvd.nist.gov/vuln/detail/CVE-2015-5228
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-5228.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2015-5228
Related
Published
2016-06-07T14:06:04Z
Modified
2024-11-10T05:00:18Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

References

Affected packages

Debian:12 / criu

Package

Name
criu
Purl
pkg:deb/debian/criu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / criu

Package

Name
criu
Purl
pkg:deb/debian/criu?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}