CVE-2016-1581

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

References

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type

GIT

Repo

https://github.com/canonical/lxd

Events

Introduced

Last affected

7d65940b33f106b7baecb64e7bb19509db5cfd0b

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.1"
        }
    ]
}

Affected versions

lxd-0.*

lxd-0.1

lxd-0.10

lxd-0.11

lxd-0.12

lxd-0.13

lxd-0.14

lxd-0.15

lxd-0.16

lxd-0.17

lxd-0.18

lxd-0.19

lxd-0.2

lxd-0.20

lxd-0.21

lxd-0.22

lxd-0.23

lxd-0.24

lxd-0.25

lxd-0.26

lxd-0.27

lxd-0.3

lxd-0.4

lxd-0.5

lxd-0.6

lxd-0.7

lxd-0.8

lxd-0.8.1

lxd-0.9

lxd-2.*

lxd-2.0.0

lxd-2.0.0.beta1

lxd-2.0.0.beta2

lxd-2.0.0.beta3

lxd-2.0.0.beta4

lxd-2.0.0.rc1

lxd-2.0.0.rc2

lxd-2.0.0.rc3

lxd-2.0.0.rc4

lxd-2.0.0.rc5

lxd-2.0.0.rc6

lxd-2.0.0.rc7

lxd-2.0.0.rc8

lxd-2.0.0.rc9

lxd-2.0.1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1581.json"